A BZ Media Publication 




fil • SOFTWARE DEVELOPMENT 



nmes 

The Industry Newspaper for Software Development Managers 



SPECIAL REPORT: DEFECT TRACKING 

Search and Destroy 

p New defect-tracking 

J f tools, practices 

help keep 

code free 

of bugs 

page 30 





FEBRUARY 15, 2006 • ISSUE NO. 144 



www.sdtimes.com • $7.95 



Extreme Makeover: 
New Thinking for JUnit 4 

A conversation with software guru Kent Beck 



BY EDWARD J. CORREIA 

For his books on Extreme Pro- 
gramming, refactoring, test-dri- 
ven development, Smalltalk and 
Eclipse, or for efforts toward the 
founding of the Agile Manifesto 
and the Three Rivers Institute — 
it's hard to say how Kent Beck 
might best be known. 

Ironically, many developers 
may know his name from some- 
thing he considers simply a hob- 
by: the creation the JUnit testing 
framework for Java, which he co- 
authored with Erich Gamma. 

Beck characterizes JUnit 4, 

now in beta, as its most signifi- 

► continued on page 24 




NUnit influenced JUnit, says Beck. 



GPL 3.0 Changes How 
FSF Sees Open Source 

Draft addresses license compatibility, software patents 



BY JENNIFER DEJONG 

The Free Software Foundation 
has released the long-awaited 
draft of the GNU General Public 
License 3.0, setting in motion 
the first major modification of 
the widely used open-source 
software license since the second 
version was released in 1991. 

Unveiled at the Massachu- 
setts Institute of Technology in 
Cambridge last month, GPL 3.0 
addresses compatibility with oth- 
er open-source licenses, software 
patents and digital rights man- 
agement, among other issues. 

► continued on page 26 



WHAT'S NEW IN GPL 3.0? 



• The right to combine GPL 3.0 code with code governed by other 
licenses. GPL 2.0 mandated that any code that included GPL- 
licensed components fell under the GPL. But under GPL 3.0, Apache 
code would adhere to the Apache license, Eclipse code could follow 
the Eclipse license, and so forth. 

• A patent retaliation clause designed to discourage patent 
infringement lawsuits. Developers who obtain patents for software 
based on GPL code and use those patents to strike out at others 
lose their rights to modify and distribute GPL code. 

• A stance on digital rights management. GPL 3.0 defines encryp- 
tion and authorization codes (used by some developers to prevent 
their code from being copied) as source code. As such, it must be 
made available to other developers. -Jennifer deJong 



United Beacon Team Shines on SPEM 2.0 

Eclipse Process Framework leaders opt unanimously to focus on future OMG spec 



BY EDWARD J. CORREIA 

At the first meeting for Project 
Beacon, the code name for the 
Eclipse Process Framework 
technology project, 20 develop- 
ers from 14 constituent compa- 
nies created subproject working 
groups for a tooling meta- 
model, unified process and agile 
development. 

They also decided at the Jan- 
uary meeting to base the tools on 
a specification not yet finalized 
by the Object Management 
Group. 

The tooling metamodel will 
offer a structure for method con- 
tent and processes using OMG's 
MetaObject Facility (MOF), 



UML diagrams and an XML 
schema. It will be based on 
IBM's Unified Method Architec- 
ture (UMA), which itself is an 
evolution of OMG's Software 
Process Engineering Meta-mod- 
el (SPEM) 1.1, which integrates 
concepts from IBM RationaPs 
RUP and other technologies. 

SPEM 1.1, the current OMG 
standard, was ratified in January 
2005; SPEM 2.0 is expected to 
be stable next month, but may 
not be ratified for a year or two. 
Backers of Beacon, including 
IBM RationaPs Per Kroll, who 
leads the project, believe it will 
be better to base the tools on 
► continued on page 26 
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The RUP iterative process, which will form a major part of the Eclipse 
Process Framework, allows work effort to be computed for each discipline 
over time (from left to right). 



Microsoft Hawks 
Elixir as Cure 
For Integration 

Posts its recipe for 
CRM-to-Outlook Project 

BY ANDY PATRIZIO 

Microsoft has posted sample code 
and documentation for an inter- 
nal project, called Project Elixir, 
showing how the company built 
Web services to let employees 
access its numerous CRM sys- 
tems using Outlook. 

"The thought behind sharing 
our experiences on CRM and 
Elixir was essentially sharing the 
way we dealt with a set of issues 
that our customers talk to us 
► continued on page 23 
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Microsoft Goes Live With Two WinFX Foundations 

Go-Live versions, tuned for heavy server-side testing, get new characteristics 



BY ANDY PATRIZIO 

Microsoft in mid-January re- 
leased Go-Live licenses for Win- 
dows Communications Found- 
ation and Windows Workflow 
Foundation, an open invitation 
for developers to bang away at 
server-side editions of two of 
Vista's upcoming core tech- 
nologies. 

Go-Live versions are specif- 
ically tuned for server-side 
deployment, according to 
Microsoft, and are meant to be 
pounded on by developers to 
determine product scalability 
and performance. Client-side 
versions of the two core Win- 
FX technologies, which will be 
a part of Windows Vista, have 
been previously made avail- 
able. There is no Go-Live 
release of Windows Presenta- 
tion Foundation, the third 



piece of WinFX, since it's a 
client-only technology. 

Microsoft first announced 
WinFX at the Professional 
Developers Conference in Sep- 
tember 2005. WinFX is a new 
programming model for Vista 
that also has been ported to 
Windows XP and Windows 
Server 2003. It requires .NET 
Framework 2.0. 

Ari Bixhorn, director of 
Microsoft's Web services strate- 
gy, said the Go-Live code is 
between beta 1 and beta 2 in 
terms of quality. "These releas- 
es are actually higher quality 
than traditional beta releases. 
For a Go-Live release, we do 
additional stress testing to 
ensure they will stand up to 
scalability needs of a produc- 
tion environment," he said. 

Bixhorn expects customers 



to start working with the tech- 
nologies immediately — even 
though final code is months 
away — to test the scalability of 
their applications while run- 
ning WinFX in a production 
environment. 

Windows Communications 
Foundation (WCF) for Go- 
Live has two new tools since 
the first beta in December, 
according to Bixhorn. One is a 
service configuration editor, to 
set bindings and configura- 
tions in services without hav- 
ing to touch the XML code. 
The other is a service trace 
viewer that can view the flow 
of messages between WCF 
services, allowing admins to 
diagnose issues across a ser- 
vice architecture. 

WCF also supports the 
entire set of WS-* Web ser- 




Microsoft made sure the Go-Live 
betas scale, says Bixhorn. 

vices protocols, plus adds sup- 
port for Representational 
State Transfer (REST)-based 
Web services. REST services 
are simple Web services that 
expose information using XML 
over HTTP. 



Team Foundation Server Coming in March 



BY ALAN ZEICHICK 

SAN FRANCISCO — Team 
Foundation Server, the final 
piece of the Visual Studio Team 
System product family, will ship 
in March, Microsoft let it be 
known at the VSLive confer- 
ence, held here the last week in 
January. 

According to S. "Soma" 
Somasegar, corporate vice presi- 
dent of Microsoft's developer 
division, Team Foundation Serv- 
er will act as a single collabora- 
tion point for developers, testers 
and product managers. TFS, 
which augments the Visual Stu- 
dio Team System tools that 
shipped last November, adds a 
new source code control system, 
issue tracking, project manage- 
ment and reporting into a single 
integrated data store. 

Community Technology 
Previews — that is, public 
betas — of TFS have been 
available to subscribers of the 
Microsoft Developer Network 
since July 2005, but the com- 
pany is now offering the first 
Release Candidate of the serv- 
er, said Ian Knox, lead product 
manager in Microsoft's devel- 
oper marketing group, at 
VSLive. The event is produced 
by Fawcette Technical Publi- 
cations. 

Knox also confirmed that 
Windows Vista is still on track 




Team Foundation Server is meant 
to act as a single point of collabo- 
ration, says Microsoft's Somasegar. 

for release in the second half 
of 2006, and that the next iter- 
ation of Visual Studio, code- 
named Orcas, will be following 
in 2007. "It's on an 18-month 
release cycle," he said. Visual 
Studio 2005 shipped on Nov. 
7, 2005. 

Orcas, explained Knox, will 
exploit features of the Win- 
dows Vista release, and will 
include new development 
technologies announced at last 
year's Microsoft Professional 
Developers Conference, and 
which are currently offered 
through a CTP public beta. 

These include Language 
Integrated Query (LINQ), a 



single coding model for 
searching databases, objects 
and XML files using Visual 
Basic and C#; Atlas, a rich- 
client framework for building 
Web applications using AJAX; 
Visual Studio Tools for Appli- 
cations (VSTA), a .NET ver- 
sion of Visual Basic for Appli- 
cations; and Cider, a visual 
designer for Windows Presen- 
tation Foundation. 

The CTP for Cider, and 
some Orcas functions that can 
be integrated with Visual Studio 
2005, can be downloaded from 
msdn.microsoft.com/windows 
vista/getthebeta. Applications 
written with Cider will be 
compatible with Windows 
Vista, Windows XP SP2 and 



Windows Server 2003 SP1, if 
they have the latest CTP of 
the WinFX Runtime Compo- 
nents installed. WinFX can be 
downloaded from that same 
page. 

When asked about Team 
Foundation Server's support 
for IDEs other than Micro- 
soft's own Visual Studio 2005 
and VSTS, Knox said that 
Microsoft would be leaving 
that to partners. He highlight- 
ed two companies, Teamprise 
and Teamplane, which offer 
Eclipse plug-ins that can 
access TFS. Those companies 
also offer tools for enabling 
Visual Studio 2003, Linux, 
Macintosh and browsers to 
access TFS. I 



NEW YEAR, NEW LOOK 

This issue of SD Times marks the sixth anniversary of the news- 
paper, so we decided to give our readers a little anniversary pre- 
sent — a new look to page 1. 

Our goal in changing the page 1 design is to give us greater 
flexibility in how we present the top stories to you, including the 
use of bigger, more meaningful graphics and art, and bolder ref- 
erences to the more significant stories inside. Special thanks go 
out to SD Times art director Mara Leonardi for her compelling, 
engaging design. 

Sit back and enjoy the new look of the paper. While our 
appearance has changed, the rest of SD Times is the same — 
timely news, thoughtful analysis and insightful opinions. 

— David Rubinstein, Editor-in-Chief 



Windows Workflow Foun- 
dation (WWF) has a new poli- 
cy activity that deals with com- 
plex work sets within a 
workflow. A new capability in 
the workflow rules designer 
allows developers to host the 
fully customizable rules 
designer in their applications 
rather than having to write 
their own, said Bixhorn. 

BETTER THAN EXPECTED 

Ohio State University profes- 
sor Furrukh Khan, who is also 
director of technology for the 
school's Collaborative for 
Applied Software Technology, 
has been working with WCF 
for some time, including the 
Go-Live versions, and said it 
has yet to reach its limits. 
WCF is "working better than 
expected as far as scalability is 
concerned," he said. 

One benefit of WCF for the 
school has been that the frame- 
work allowed it to remove a 
great deal of old code. 

"A lot of infrastructure con- 
cerns like security were mixed 
with our code. So our code 
had security, reliable messag- 
ing implementations and other 
homegrown fixes to solve 
problems," Khan said. After 
moving to WCF, the school's 
codebase shrunk by 80 per- 
cent, he said, because so much 
functionality was passed on to 
WCF. 

Kahn said that OSU has 
deployed a number of federat- 
ed Web services and has 
attempted to improve scalabil- 
ity by distributing messages 
across multiple intermediary 
servers. But while the school's 
old homegrown solution didn't 
accomplish the desired scala- 
bility in that way, WCF solves 
the problem. 

"By going through WCF, 
we can use intermediate 
SOAP message routers, so that 
we can have reliable messag- 
ing in everything, even if going 
through intermediaries, and it 
gives us scalability and effi- 
ciency," said Khan. 

WinFX is expected to ship 
along with Windows Vista in 
the second half of this year. 
The Go-Live betas of WCF 
and WWF can be found at 
msdn.microsoft.com/winfx 
/getthebeta/golive/downloads 
/default. aspx. I 
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Is Oracle Leaving Its Developers Behind? 

Commitment to Sun, Java may impact users of non-Oracle components 



BY ALEX HANDY 

Oracle's mid- January announce- 
ment of a strategic partnership 
with Sun Microsystems will 
result in Java's becoming the 
foundation language for devel- 
oping applications for Oracle's 
Fusion middleware platform. 
And that could create problems 
for many Oracle customers, 
which traditionally have not 
been Java houses. 

"It really affects customers 
in a number of ways," said Niel 
Robertson, CTO of Newmerix, 
which offers support for older 
distributions of business appli- 
cations. "They're going to 
change the face of the software 
and of your team. [Developers 
who write] PeopleCode and 
SQLDB now have to become 
Java developers. There's lots of 
implication for your team 
structure." 

But Robertson said that the 
largest problems could come 
from customized applications. 
"The other thing that's im- 



portant is that most customers 
are highly customized," said 
Robertson. "That's how 
they've added value to People- 
Soft over time with People- 
Code. As they move to this 
new development platform, 
none of those customizations 
are ready to be moved over. 
The data models are different. 
It's going to put customers in a 
unique position where they 
have to say, 'How much of my 
customization can I rewrite; 
how much do I have to leave 
behind?' I think if you look for 
the whole customer base at 
PeopleSoft and JD Edwards, 
there are millions of cus- 
tomizations, all of which are 
going to be end-of-life." 

Fred Studer, vice president 
of applications at Oracle, did 
have a message for non-Oracle 
users. "We've not made the 
final determination on what all 
the databases are that will be 
supported by these applica- 
tions. We're looking at these 



databases as we support them 
and trying to really decide what 
it will require to run these 
applications on those plat- 
forms. I will tell you [that] 
we're still talking to customers 
and talking to the mar- I 
ket to figure out how JDEVELOPER 
and what we want to do FACELIFT 
with this." 

"The hardest part of 



available in 2008," said Studer, 
referring to its PeopleSoft and 
JD Edwards products. 



providing any tech or any appli- 
cation is understanding the 
problem you're trying to solve," 
said Studer. "Once you under- 
stand, actually coding that solu- 
tion is very easy. And so once 
you know that, and you've got a 
great tool set and an infra- 
structure, really a lot of the 
work is done. 

Studer went on to say that 
Oracle is committed to sup- 
porting PeopleSoft and JD 
Edwards users through at least 
2013. "Over time, we're going 
to provide an automated 
upgrade path to take advantage 
of the Fusion suite when it's 



COMMITTED TO JAVA 

As part of last month's announce- 
™ ment, Oracle renewed its 
commitment to the Java 
Community Process 
and announced that it 
^^^h had chosen Solaris 10 
as its preferred platform for 
64-bit applications. 

In addition, Oracle represen- 
tatives declared that the compa- 
ny was halfway to completion of 
Fusion. Jason Bloomberg, senior 
analyst at ZapThink, said that 
this announcement is a strate- 
gic shot across the bow of rival 
SAP, and he believes Oracle is 
more concerned with its rival 
than its users. "So when one 
vendor says our No. 1 priority 
is going after the competition, 
that means customers aren't 
the priority. It's hard to go 
wrong being single-minded on 
customer service, but if that's 



Eclipse, NetBeans Get Support for AJAX, JSF 



BY ALEX HANDY 

Sun Microsystems and Exadel 
late last month introduced 
tools for the development 
of AJAX applications that 
integrate with JavaServer 
Faces. Sun's NetBeans-based 
Studio Creator Pro 2 is now 
available for free from Sun's 
Developer Network Web site, 
while Eclipse-based Exadel 
Studio Pro 3.5 is available 
from that company's Web site 
for US$199. 

For the Eclipse crowd, 
Exadel's Studio Pro 3.5 offers 
support for Facelets 1.0 and the 
next release of the Struts 
framework, code-named Shale, 
and has a new drag-and-drop 
interface for developing AJAX 
(Asynchronous JavaScript and 
XML) applications from basic 
components. 

"We have visual editors that 
recognize components. You can 
drag components from a palette 
onto your pages," said Igor Sha- 
balov, vice president of product 
development at Exadel, of the 
enhancements. The compo- 
nents-based development envi- 
ronment includes components 
for suggestion and comment 
boxes for JSF and AJAX, he 
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The Eclipse-based Exadel Studio Pro development environment supports Facelets 1.0 and the Struts framework. 



said, adding that Exadel 
believes developers should not 
have to alter JavaScript code in 
pages. "Our strategy is to gener- 
ate JavaScript components for 
them instead." Exadel's newly 
updated Studio Pro is distrib- 
uted as a set of plug-ins for 
Eclipse 3.1. 

Based on NetBeans 4.1, 
Sun's Studio Creator 2 is the 



company's first foray into the 
AJAX space. This version also 
offers a host of new JSF com- 
ponents. 

Dan Roberts, director of 
developer tools marketing at 
Sun, said, "The first release had 
the reference implementation 
of JSF included. This release 
we've added a whole new 
library of components. The 



components themselves have 
advantages in that they're 
themable, so you can predesign 
themes for individual compo- 
nents, like buttons and images 
and links." 

Roberts went on to say that 
Sun has included a number of 
AJAX code snippets, such as 
one to integrate coordinates 
onto a Google Map. I 



not your focus, people can get 
trampled," said Bloomberg. 

Newmerix's Robertson said 
that he was shocked by Oracle's 
claim that its Fusion solution 
was 50 percent completed. 

Robertson said that Oracle 
"talked a lot about the fact that 
Fusion would be treated as an 
upgrade and not a replacement. 
If you dig under the covers a lit- 
tle bit, you find that they're mov- 
ing away from the tool sets they 
have now. They have actually 
decided not to bring those appli- 
cations forward but to build the 
next round on JDeveloper. This 
has always been the strategy." 

LOOKING FOR ANSWERS 

Robertson pointed out that Ora- 
cle has yet to answer the data- 
base question: Will its Fusion 
platform support non-Oracle 
databases? For some customers, 
Robertson said, a move away 
from support of non-Oracle 
databases could cause massive 
migration headaches for users of 
IBM DB2, Microsoft SQL Serv- 
er or PostgreSQL. 

But Robertson said, "If the 
next generation of Fusion is 
based on the Oracle DBS, the 
question is, is it going to be an 
Oracle-only solution? I think the 
[percentage of database] usage 
is only 40 percent Oracle. That's 
a large amount of their customer 
base that may have a database 
upgrade as well as an application 
update. They're talking a lot to 
the customer base, and that's 
good, but the very clear and 
definitive statements are not 
there. For PeopleSoft customers 
using DB2, it's not an option to 
go to Oracle." 

Jason Bloomberg, comparing 
Oracle's plans with SAP's move 
from R3 to NetWeaver, isn't 
sure that the transition to Fusion 
will be so easy. "I would say that 
NetWeaver is farther along 
[than Fusion], but it's still a work 
in progress," he said, referring to 
SAP's enterprise service archi- 
tecture platform, which sup- 
ports both Java and .NET "I 
would say [NetWeaver is] more 
than at that 50 percent mark, 
though it's still going to be 
another year before that is ready. 
Fusion, though, I'd be surprised 
if it's half-done. I wouldn't be 
surprised if there are more 
acquisitions, if they're going to 
stick more body parts into that 
Frankenstein monster." I 
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Systinet 2 Adds Governance to SOA tools 

New components manage contracts, artifacts through metadata repository 



BY ALEX HANDY 

Systinet, which was acquired by 
Mercury Interactive at the end 
of January, has added gover- 
nance capabilities to the new 



version of its SOA software 
suite, Systinet 2. The suite was 
made public on Jan. 30, and 
includes version 6.5 of the com- 
pany's registry software in addi- 



tion to new tools for gover- 
nance, contract negotiation and 
management. 

Jake Sorofman, vice president 
of product marketing at Systinet, 



said the governance tools are a 
natural extension of the compa- 
ny's registry product. "[Systinet 2] 
has got components for the 
standards-based discovery and 



It's amazing 

what you can do with 
the right tool! 
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A project isnt quite right when you 
don't use the appropriate took The same is true 
for application development. Without the appropriate 
tool your application isn't quite right, Why waste the 
time with components that have less functionality? 
Spread is all you'll need to get the job done right the 
first time. Spread is the consummate spread/grid 
development component Log on to www.fpointcom 
to download a 30-day free trial and check out our 
other great products, 



Providing flexible, powerful and 

reliable solutions for your 
development needs. 



publishing of all your artifacts. 
It is the basis of interoperability 
for all aspects of SOA." 

The release introduces two 
components. A contract manag- 
er is implemented through a 
metadata repository and gives 
providers a means for negotiat- 
ing around agreements, accord- 
ing to Sorofman. "A consumer 
can register for consumption, 
they can engage with the 
provider and negotiate the terms 
and conditions with that 
provider. They can decide what 
is the uptime expected, [and] 
what the charge-back details 
[are]." All of that, he said, can be 
negotiated in a way that is 
streamlined and structured. 
"Once there is that formalized 
relationship between the con- 
sumer and the provider, it offers 
the basis for creating change," 
and for managing those changes. 

Sorofman said that Systinet 2 
provides facilities for customers 
and companies to negotiate 
these details online and within 
the framework the tools provide. 

The second piece of the gov- 
ernance puzzle that's new to 
Systinet 2, said Sorofman, is 
Info Manager, which provides 
the ability to manage all the arti- 
facts, to map services between 
them, and to map relationships 
between services and policies. 
The tool also provides a list of all 
the relationships and interde- 
pendencies. 

Finally, said Sorofman, Systi- 
net s Policy Manager has evolved 
for version 2 as well. "Policy 
Manager automates design-time 
enforcement of policies in ser- 
vices. As you create a new ser- 
vice, it provides the ability to 
automate the validation of that 
service to specific IT and busi- 
ness regulatory policies." New to 
this edition of Policy Manager 
are some preconfigured policies 
that will help developers get 
started, said Sorofman. I 
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Fortify Adds App Security Watcher to Line 

Application Defense monitors deployed applications in search of potential exploits 



BY ANDY PATRIZIO 

Fortify has broadened its line 
of application security prod- 
ucts with the addition of 
Fortify Application Defense, 
a last-line-of-defense utility 
that works on deployed appli- 
cations to catch attempted 
exploits. 

The company already has 
tools for checking source code 
and testing an application 
during the QA cycle. Applica- 
tion Defense is meant for 
applications in production 
and catches attempted ex- 
ploits such as SQL injections, 
input length overruns and 
probe detection. 

While it's always good to fix 
applications before deploying 
them, Mike Armistead, vice 
president of products at Forti- 
fy, said that there are many 
applications already in produc- 
tion that might not have been 
tested for vulnerability. 

"The priority for a lot of old 
apps wasn't how secure they 
could make it — it was could 
they get it deployed on time. A 
company may have a lot of 
apps where they didn't think 
about the upstream problem of 
security," he said. 

Application Defense also is 
aimed at companies using 
applications where they don't 
have access to the source code 
to make security fixes, for one 
reason or another, or applica- 
tions that were deployed first 
and will be made secure later, 
said Armistead. 

The prevailing security 
approach is keeping the bad 
guys out of the network by 
building big walls, and drilling 
holes into those walls to build 
connections with applications 
and services outside of the 
network, said Armistead. So 
rather than breach the fire- 
wall, hackers attempt to get in 
through these holes. For 
example, a single quote in a 
form field could be used to 
insert a SQL call if the appli- 
cation wasn't coded with prop- 
er security. 

SPOTS UNUSUAL BEHAVIOR 

According to Armistead, 
Application Defense also can 
monitor user behavior and 
activities, so if an authenticat- 
ed user begins to exhibit 
unusual behavior, an extra lay- 
er of protection can be 



invoked, such as prompting 
the user for a password. 

The tool works within the 
production environment to 
monitor input passed back 



and forth between applica- 
tions. When it spots question- 
able input, such as an 
attempted buffer overrun, it 
stops the command from exe- 



cuting or the input from being 
passed on to a back-end appli- 
cation, and sends an alert, said 
Armistead. 

Fortify Application Defense 



is available now. Pricing is 
based on the number of in- 
stances the software is used in 
a network environment, at 
US$6,500 per instance. I 
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NEW PRODUCTS. 




VeriSign has introduced Verisign Unified Authentication-Smart 

Cards, a solution that provides companies with management tools for 
smart card and PKI deployments. It also provides a single, integrated 
platform for provisioning and managing all types of two-factor authen- 
tication credentials. 



_L 



UPGRADES 



Pervasive Software has announced the release of its Data Catapult 
migration tool on AppExchange, the software-as-a-service repository 
hosted by Salesforce.com. Data Catapult provides accurate and secure 
migration from any CRM data source or format. It also handles data 
from major databases, including IBM, Microsoft and Oracle . . . Green 
Hills Software has ported Integrity, its real-time operating system, 
to BAE Systems' RAD750 radiation-hardened microprocessor 
. . . JProductivity has released Protection 2.0, 
a licensing framework for Java that ensures that 
users adhere to the terms of application licensing 
agreements. It locks out unlicensed users and 
ensures licensed users can access only the features 
paid for . . . ANTs Software, a developer of SQL data- *\— ■-"-" 
base management systems, has announced the release of ANTs Data 
Server 3.4, a database that supports applications written for 
Informix, MySQL, Oracle, Oracle TimesTen, SQL Server and Sybase. It 
also adds compatibility with MySQL data types, functions and exten- 
sions . . . DDH Software has launched a new version of HanDBase 
Relational Database for Windows mobile-based smartphones. Users 
can have immediate access to database files they create as well as 
thousands of free database applications available in DDH Software's 
Applet Gallery . . . Real-Time Innovations has created a modified ver- 
sion of its NDDS real-time publish- ► continued on page 14 
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All Agile Processes Large and Small 

Rally adds roles for enterprise offering; creates version for teams 



BY DAVID RUBINSTEIN 

What Toyota did for cars and 
Dell did for computers is what 
Rally Software hopes to do for 
application development, with 
the Feb. 13 release of Rally 
Agile Team and Rally Agile Pro 
software life-cycle management 
solutions for agile development. 

"It's about providing lean 
practices in ways [development 
teams] understand," said Richard 
Leavitt, vice president of software 
development at Rally. 

Agile processes are noted for 
their iterative nature, with soft- 
ware delivered incrementally. 
The new editions are designed 
to help organizations — regard- 
less of size — take advantage of 
these processes. 

Agile Pro, the next iteration 
of the company's life-cycle man- 
agement software, adds support 
for requirements analysts, pro- 
gram managers and system 
architects, Leavitt explained. 
"I'll tell you why we started 
over," he said. "Until you mate 
program management and plan- 
ning, task blowout and tracking, 
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Rally's Agile Team addresses project visibility and coordination needs for 
small software organizations getting started with Agile development. 



it's difficult to roll anything up or 
communicate readiness or the 
status of any individual piece." 

Enhancements to Rally in- 
clude new story requirement 
types, the ability to customize 
fields and views for require- 
ments, test cases and defects, a 
Web services API for SOAP and 
REST that supports Rally's 
numerous tools integrations, and 
the use of AJAX (Asynchronous 
JavaScript and XML) technology 
for inline editing of require- 
ments, test cases and defects. 

Agile Team was created for 
small-budget development and 



test teams and their direct man- 
agers — accommodating up to 10 
people on a project, Leavitt said. 

The company's strategy for 
future editions includes portfo- 
lio management for use in larg- 
er enterprises, and simpler 
components that can integrate 
into IDEs, build environments 
or automated test platforms and 
flow data back into Rally's plat- 
form, Leavitt said. 

Offered as hosted solutions, 
Agile Pro costs US$65 per user 
per month, and Agile Team 
costs $995 for five users for six 
months. I 
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AccuRev Builds Bridges to Third-Party Tools 



BY DAVID RUBINSTEIN 

Version 4.0 of the AccuRev soft- 
ware configuration management 
solution, released late last 
month, includes for the first time 
out-of-the-box integrations with 



third-party issue tracking tools. 

The first integration, which 
will carry the AccuBridge 
name, is for Serena TeamTrack. 
Others are forthcoming for 
Bugzilla, MKS Integrity Man- 



ager and Rational ClearQuest. 
According to Cliff Utstein, 
AccuRev's vice president of 
marketing, AccuBridge takes 
the coding-scripting problem 
associated with integrating 



products from different ven- 
dors and turns it into a more 
simple mapping function. 

In AccuRev 4.0, which costs 
US$1,495 for a single-user 
license, the issue tracking and 
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change management piece for- 
merly called AccuRev Dispatch 
is now called AccuWork, and 
gives the ability to more easily 
link changes to tasks. An auto- 
matic change-package merging 
feature enables users to specify 
and promote change packages 
into multiple projects simulta- 
neously effectively eliminating 
regressions, Utstein claimed. 

He explained that Accu- 
Bridge SDKs for the third-party 
tools are built on AccuRev's 
Integration Service and include 
a Java API. An XML mapping 
file within AccuBridge enables 
users to set destination condi- 
tions for where data from a 
third-party issue tracking system 
should go in the AccuWork 
schema and issue repository. Or, 
users can simply map the field 
from the third-party tool to a 
field name in AccuWork; the 
AccuRev Integration Service 
verifies the field name exists in 
the AccuWork schema and 
assigns the associated value 
when updating the issue in the 
destination depot. 

"We don't try to be a one-stop 
shop," said Lome Cooper, Accu- 
Rev president. "There are a lot 
of good tools out there. We try to 
provide strategic flexibility to let 
folks use their tools of choice." 

TIGHTER INTEGRATION 

Other enhancements to Accu- 
Rev 4.0 include tighter inte- 
gration with Eclipse and 
Microsoft's Visual Studio devel- 
opment environments, with 
plug-ins now carrying the Accu- 
Bridge brand. Also, Utstein said 
the company made "significant 
improvements" to the AccuRev 
Replication Server, now called 
AccuReplica. This gives man- 
agers the ability to oversee 
globally distributed develop- 
ment teams by offering specific, 
selective replication. For 
instance, if an organization is 
working on seven projects, a 
manager can replicate just the 
project a development team is 
working on and deny access to 
the other projects, Utstein 
explained. 

AccuRev's notion of SCM 
includes streams, which are the 
multiple paths code goes down 
from creation to release, man- 
agement and updating. The 
StreamBrowser that comes 
with version 4.0 now has the 
ability to perform zooming, 
which means users can go from 
the high-level view of projects 
the browser provides to a more 
focused view of only those pro- 
jects the user needs to see. I 
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Integration Player 
Paves Road to SOA 

iWay suite includes tools for 
monitoring, security and BPM 



BY JENNIFER DEJONG 

Monitoring, security and BPM 
tools are now part of a broader 
SOA offering from New York 
City-based iWay 

The company was set to 
announce earlier this month the 
SOA Middleware Suite. "SOA is 
about a stack of technologies, and 
it is bigger than just integration," 
said iWay president John Senor 

Aimed at developers building 
service-oriented architectures, 
the suite, which starts at 
US$150,000 for a typical configu- 
ration, includes six tools, five of 
which are new Service Manager 
is an updated version of the 
company's existing Adapter Man- 
ager. Essentially the runtime 
environment that makes things 
work, it also handles tasks such as 
message routing and event man- 
agement. Included in Service 
Manager is Development Work- 



bench, which lets developers cre- 
ate workflows, mapping out, for 
example, the steps involved in 
processing a purchase order, 
such as "receive message, do 
credit look-up, check inventory 
and so forth," said Senor. 

Service Monitor keeps an eye 
on Web services, making sure 
messages have been received, 
acknowledged and processed. If 
an error occurs, it lets developers 
quickly spot where the problem 
lies. Service Policy Manager 
specifies, for example, who is 
authorized to use a service and 
under what conditions it is trig- 
gered, Senor said. Process Man- 
ager is a business process man- 
agement tool based on Business 
Process Execution Language, an 
industry standard that spells out 
how individual services that are 
part of a larger process interact. 
It's aimed at business processes 
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Adapter Designer is part of Service Manager, which lets developers model services using the built-in integrated 
development environment in iWay's SOA Middleware Suite. 



that are larger than those man- 
aged by Service Manager. For 
instance, while Service Manager 
is used for "process a purchase 
order," Process Manager handles 
the broader "pay to procure 
process," said Senor. 

Trading Manager automates 
the "electronic handshake" that 
takes place each time a company 
does business with a particular 



partner, he said. For instance, a 
developer could specify: "Com- 
municate over secure HTTP; 
use digital certificates; store 
purchase order in an MQSeries 
queue," he said. 

The final offering, Enter- 
prise Index, is powered by 
Google and stores all messages 
controlled by Service Manager 
in the Google indexing system, 



said Senor. That enables devel- 
opers to find, for example, all 
messages pertaining to a partic- 
ular purchase order, seeing 
where the message originated 
and where it was sent. 

The iWay SOA Middleware 
Suite competes with offerings 
from BE A, Cape Clear, Fiora- 
no, IBM and Sonic, among 
others. I 
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< continued from page 8 

and-subscribe communications middleware. With the software, devel- 
opers can deploy a common communication scheme across industrial 
control networks . . . Version 1 of Studio Enterprise 2006 has been 
released by ComponentOne. It includes SmartDesigners, a tool for sim- 
plifying design time and enhancing productivity on .NET Framework 
2.0. Also included is ComponentOne Preview for .NET, adding printing 
and print preview capabilities, ComponentOne WebMenus and Web- 
Bars, ComponentOne ADO .NET and ComponentOneMaskEdit for 
mobile devices . . . LogiGear, provider of solutions for software test- 
ing, has released TestArchitect, a keyword-driven test automation 
framework for global test teams. New features include support for 
Infragistics' NetAdvantage library of advanced GUI components and 
support for remote test execution on multiple machines . . . Embed- 
ded software solutions provider MapuSoft 
has announced Windows XP support in its OS 
Charger and OS Abstractor tools. OS Charg- 
er allows embedded applications to be easily 
ported from Nucleus, POSIX and VxWorks to 
a Windows XP-based device. OS Abstractor allows RTOS applications 
to run on Windows XP . . . ApTest has updated ApTest Manager to ver- 
sion 2.14. New features include the ability to run on Mac OS X servers, 
automatic e-mail notification, an unlimited number of saved report 
configurations, and reporting in users' time zones . . . Apacheta has 
released VisualACE 2.0, a development toolkit for Microsoft Visual 
Studio .NET. It features round-trip engineering from business process 
workflow diagrams to .NET or Java code. When integrated with Visual 
Studio, VisualACE allows developers to fill in the business logic behind 
each task using the standard Visual Studio . . . Eclipse 3.2 
Milestone 4 was released on Dec. 16. The update adds drag handles to 
the IDE's interface, filtering for import/export functions, and support 
for dynamic help content, among other improvements. 




PEOPLE 




Patricia Sarica has been named managing editor of 
BZ Media's SD Times and Software Test & Performance. 
Sarica has been with the company as chief copy editor 
since the launch of SD Times in February 2000. Prior to 
that, she worked at Gruner & Jahr as associate manag- 

SARICA ing editor of Child magazine, and at Ziff Davis, Bantam 
Doubleday Dell and CMP Media . . . Palm has promoted Ronald R. 
Rhodes to SVP of global operations. Rhodes has more than 30 years 
of experience in supply-chain operations and manufacturing 
. . . Carl Bass, COO of Autodesk, has been named president and CEO, 
as well as being appointed to the company's expanded board of direc- 
tors. Carol Bartz, who has served as CEO since April 1992, will become 
the company's first executive chairman of the board. Bass' responsi- 
bilities include sales, marketing and product development. Bartz will 
focus on building the business for Autodesk . . . PassMark Security, a 
software security company for online banking and e-commerce, has 
announced Lin Johnstone as CEO. Johnstone previously served as 
CEO of two NASDAQ-listed technology companies and has held senior 
positions at Aspect communications, including VP of North America 
and EMEA . . . Marc Breissinger has been promoted to CTO at Web- 
Methods, a provider of business integration software. He had served as 
the company's chief architect, supporting the development of the 
WebMethods Fabric product suite . . . McCable Software has promot- 
ed Dale Brenneman to the position of VP of software quality solutions. 
He had served as director of McCable IQ Solutions since 2000 . . . CA 
has named Mark Barrenechea as EVP and CTO, and Yogesh Gupta as 
SVP of business development. 



, STANDARDS , 



The Interconnect Software Consortium of The Open Group has 
announced version 2.1 of the Interconnect Transport API (IT-API), an 
API for remote direct memory access. Version 2.1 adds new memory 
management features and support for iWARP and InfiniBand 1.2. 1 



Project Management: 

The Forgotten Piece of ALM? 



BY JENNIFER DEJONG 

From design to deployment, 
ALM players talk up the bene- 
fits of life-cycle tools. But when 
it comes to project manage- 
ment, they aren't saying a word. 

That's not because project 
management software isn't used 
for development projects. It is. 

And it's not because compa- 
nies that sell ALM software 
don't integrate their offerings 
with Microsoft Project, or the 
widely used project manage- 
ment tools from Philadelphia- 
based Primavera. Many do, 
including Borland, IBM, 
Microsoft, MKS and Telelogic. 

So, why are ALM players 
silent on the subject of project 
management? "Project man- 
agement tools have never 
solved the problem of why soft- 
ware is late, or why projects 
fail," said Bill Shaw, vice presi- 
dent of life-cycle solutions at 
Telelogic. 

Project management tools do 
a good job of producing sched- 
ules and allocating resources but 
a poor job of conveying develop- 
ment effort status, said spokes- 
men for ALM tools companies. 
That's largely because data per- 
taining to software projects has 
traditionally been subjective. 

"You can say a project is 40 
percent done, but you might as 
well make up any number you 
want," said Dave Martin, vice 
president of product manage- 
ment for MKS. 

Once a project kicks off, 
there is no good way to measure 
its success, added Ashok Reddy, 
IBM program director for 
Rational brand portfolio mar- 
keting. "A developer can say a 
project is 100 percent compete, 
but defects may still be there." 

The ALM tools companies 
agreed project management 
software wasn't written with 
development projects in mind. It 
is geared, they said, to more 
engineering-like efforts, where 
task duration tends to be pre- 
dictable. Ask a carpenter how 
long it takes to hang Sheetrock, 
and you'll get a reliable answer, 
said Greg Rice, a senior director 
of product marketing at Borland, 
which offers ALM tools and ser- 
vices. "But in software there is 
uncertainty about these things." 

But as top management 



demands better software, 
faster — and insists on deeper 
visibility into development pro- 
jects — project leaders are mov- 
ing beyond ad hoc estimates, 
importing more pertinent infor- 
mation, such as work tracking, 
requirements, change manage- 
ment and testing data into pro- 
ject management tools. Armed 
with accurate data from ALM 
offerings, project management 
tools can help development 
teams make their case to the 
business side of the house. "For 
the first time, you can explain 
the real impact of a change 
request," said Shaw. "That 
enables development managers 
to say, Tou have to reduce the 
scope of the project or extend 
the delivery date,' " he said. 

WHAT TO MEASURE? 

How do you get it right? It's 
critical to determine which 
ALM data to import and which 
metrics collectively convey the 
most accurate view of a pro- 
ject's overall status. "Companies 
struggle to figure out what 
makes sense," said Martin. Usu- 



ally, it's a combination of met- 
rics, viewed at once, in what 
Prashant Sridharan, a group 
product manager in Microsoft's 
developer division, calls a veloc- 
ity report. "Instead of just 
counting bugs, you also have to 
consider code coverage, and 
unit and load testing," he said. 

Another strategy is investi- 
gating where team members 
are spending the most time and 
looking for patterns that spell 
trouble, said Martin. "If you 
spend a lot of time investigating 
use cases to figure out how 
defects occurred, and your 
defect rate is still high, you have 
a problem," he said. "You have 
to hone in on the source of the 
problem." 

Also important is the ability 
to view a project in terms of 
how it relates to a company's 
business objectives, said IBM's 
Reddy. "You may be doing great 
in terms of project costs. But if 
you don't have the best devel- 
opers assigned to the most crit- 
ical projects, you are in trou- 
ble." The best project managers 
can drive that process, he said. I 




TOOLS FOR MANAGING PORTFOLIOS 



When it comes to running development 
efforts, project management tools still 
rule, ALM tools companies agreed. But 
some ALM companies are moving beyond 
that approach, offering software designed 
to oversee a portfolio of information tech- 
nology projects, not just development ini- 
tiatives. 

Borland Software was expected to 
unveil one such offering on Feb. 14. The 
IT Management and Governance Solution Portfolio management 
includes Borland Tempo, which the com- provides a wide view of 
pany acguired from Legadaro Software it, says IBM's Reddy. 
last October, said Greg Rice, a senior 
director of product marketing at Borland. 

For portfolio management, Tempo lets companies manage 
multiple projects simultaneously, sharing resources among 
them, and prioritizing tasks, he said. Borland plans to begin inte- 
grating Tempo with its ALM tools, including StarTeam (for con- 
figuration management) and CaliberRM (for reguirements) in 
June. The company also plans to tie Tempo to its ALM suite, Core 
SDP, said Rice. 

Like project management offerings, portfolio managers track 
costs, schedules, resources and progress for each project. But 
their real purpose is to provide a wider view of all of a company's 
IT initiatives, said Ashok Reddy, IBM program director for Ratio- 
nal brand portfolio marketing. That helps companies identify 
overlaps and avoid redundant costs, he said. IBM Rational Portfo- 
lio Manager, released late last year, also includes best practices 
advice, and is tied to the company's Rational Software Develop- 
ment Platform. -Jennifer deJong 
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Oracle Updates App Server, J Developer 

Latest iterations called major steps toward completion of Fusion middleware 



BY ALEX HANDY 

During the last days of January, 
Oracle released updates to its 
Application Server, JDeveloper 
IDE, and TopLink persistence 



and transformation engine. 
Oracle categorized the updates 
as major steps toward comple- 
tion of its Fusion middleware 
platform. 



JDeveloper underwent a 
major overhaul of its interface 
and capabilities for the new 
version, including support for 
AJAX (Asynchronous JavaScript 



and XML) and the addition of 
more than 100 JavaServer Faces 
(JSF) components, which the 
company claims will ease appli- 
cation creation using off-the- 
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shelf parts. Also included are 
more than 35 new re factorings, 
Enterprise JavaBeans (EJB) 
3.0 support, and the ability to 
code UML and XML within 
the IDE. 

JDeveloper has been stream- 
lined for ease of use, with facil- 
ities for code assistance and 
support for Oracle ADF, the 
company's application develop- 
ment framework. 

Oracle Application Server 
lOg R3 also now supports EJB 
3.0, and got a new version of 
the Oracle Container for Java 
(OC4J). The company also has 
released a stand-alone version 
of OC4J, version 10.1.3, which 
can be used outside of an Ora- 
cle environment under both 
Linux and Windows. 

Oracle has integrated rules 
management facilities into 
lOg, including support for Ora- 
cle Business Rules, and the 
Oracle Enterprise Messaging 
Service. 

JDeveloper and lOg R3 
both use the model-view-con- 
troller model of application 
design. This means that each 
aspect of a program — the 
interface, back end and exter- 
nal interactions — can be mod- 
ified and reworked indepen- 
dently of the rest of the 
application. 

The MVC model has been 
widely adopted, including in 
experimental and open-source 
Web framework communities, 
such as the Ruby on Rails 
framework. 

To accomplish this indepen- 
dence of interface, back end 
and external interactions, Ora- 
cle has used facilities provided 
by the Java community at large: 
JSF handles the view, Struts 
handles the controller, and EJB 
takes care of the model. 

MAP OBJECTS TO XML 

Oracle TopLink 10.1.3, the per- 
sistence and transformation 
engine for lOg, also has made 
the jump to EJB 3.0. A major 
new feature in TopLink is the 
ability to map existing Java 
objects to XML. 

The mapping information is 
not stored within the Java class- 
es or the XML schema, which 
according to the company gives 
developers the ability to quickly 
modify mapping information 
when classes and schema are 
changed. I 
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Quest to Capture the User Perspective 



BY EDWARD J. CORREIA 

Web application performance 
management often involves sift- 
ing through endless server 
error logs, or attempting to 
recreate a failure that the user 
experienced. But sometimes 
there's just no better way to 
know what's going on than to 
trade places with the end user. 

Quest Software this month 
was set to release the Foglight 
Experience Viewer, an appli- 
ance-based solution that moni- 
tors Web server activity and can 
record usage and play it back 
through a Web browser or dis- 
play the activity live. 

While the use of record and 
playback solutions for testing is 
certainly not new, Mike Bowe, 
director of product management 
at Quest, said his company's 
solution captures not only 
mouse clicks and screen refresh- 
es, but also the application data. 
This intelligence, he said, can be 
further analyzed to help 
improve the bottom line. "For 
example, an airline booking site 
can identify sessions looking for 
costs of flights coming out of 
L.A. to help make sure the com- 
pany is offering the right types 
of deals and prices." 

The technology also can be 
used to identify, alert and track 
nonstandard or suspicious 
usage. "It can alert me if some- 
one looks for a flight out of L.A. 
with three different destina- 
tions in a span of 10 seconds, or 
if bookings are under a certain 
dollar amount." 

The tool also detects the 
browser type being used by the 
end user, helpful for solving ren- 
dering-related issues. "It helps 
you identify that certain browser 
types are seeing the same condi- 
tions or whether forms are trun- 
cated or not displayed," Bowe 
said. Such recordings also can 
benefit development teams. "I 
can save off a session and send a 
link to a development group for 
further problem recreation." 

Another benefit, Bowe said, 
could be to help resolve end- 
user disputes. "If a customer 
goes to a hotel's Web site and 
requests a vacation package and 
later disputes the charges, the 
Web host would have a visual 
representation of that order." 

Foglight Experience Viewer 
is the final component in the 
company's End User Manage- 
ment suite, and includes tech- 
nology that Quest acquired in 



December along with Internet 
performance management tool 
company Xaffire. 

The suite also includes a 
transaction recorder that Bowe 
said differs from the new prod- 



uct in that it records only so- 
called synthetic transactions 
and cannot display live views. 
"Synthetic transactions are arti- 
ficial — they don't represent 
actual response times of an end 



user." A third module monitors 
the user experience to assess 
application performance and 
availability. The suite now adds 
the ability to monitor live or 
recorded sessions in real time. 



The Foglight Experience 
Viewer appliance, which was 
scheduled for release on Feb. 
7, costs US$7,000, plus $5,000 
per HTTP server processor 
with a 16-processor minimum. 
The software runs on Apache 
1.3 or 2.0, Microsoft IIS 5 or 6, 
and Sun Java System Web 
Server 6.1. I 
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Shunra Automates Testing in Virtual Enterprise 4.0 

Network simulation system now includes graphical tool for reporting results 



BY ALEX HANDY 

Shunra Software has added 
automation capabilities to its 
network simulation environ- 
ment, Shunra Virtual Enter- 
prise 4.0. The new version also 
includes new reporting capabil- 
ities to better communicate test 
results. Shunra Virtual Enter- 
prise 4.0 is available now for 
US$70,000. 

Ami Chai, Shunras director 
of product marketing, said that 
the new automation features 
offer significant benefits to 
users. The automation en- 
hancements come in the form 
of two new applications within 
the suite: VE Profiler and VE 
Predictor. 

"They both address the ser- 
vice-level compliance of applica- 
tions from two different angles," 
said Chai. "What the VE Profiler 
does is it lets you take an appli- 
cation and understand how it 
would behave under a wide 
range of network conditions." 

Chai said that the profiler 
now automatically runs applica- 
tions through myriad network 
conditions and tests the ability 
of the application to hold up to 
changing network conditions. 
"Through this entire process," 
said Chai, "the system monitors 
the response time of the appli- 
cation. Let's say you want users 
to log in in seven seconds and 
issue [a] report in 20 seconds. 
Based on the compliance with 
these objectives, it tells you 
what are the breaking points of 
the application." 

Chai went on to describe VE 
Predictor, which he said 
addresses service-level compli- 
ance analysis from a different 
angle than VE Profiler by 
allowing testers to define a net- 
work topology to mimic how 
the application is to be 
deployed. "We begin with the 
network we expect this to be 
launched against." 

As an example, Chai offered a 
scenario in which three offices 
around the world connect to a 
central application. "You can 
define three branch offices: one 
in Tokyo, one in London and one 
in New York," said Chai, "And 
similarly to [VE] Profiler, you 
define service-level objectives. 
The system would automatically 
expose the application to the 
conditions in each branch office, 
then issue a report on how well 
the application [behaved] in 



each office." Performance met- Virtual Enterprise 4.0 adds able. Shunra VE version 4 can be displayed in easy-to- 

rics could include responsive- numerous optimizations and also adds new reporting tools read charts and graphs so that 

ness, speed, availability, stability enhancements to make the so that users can print out even those in the organization 

and service consistency. process of network simulation detailed reports on test re- without technical expertise 

Chai also said that Shunra testing easier and more reli- suits, he said. These results can be kept in the loop. I 
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Jitterbit Prepares EAI Solution for the Masses 



BY ANDY PATRIZIO 

Companies looking to link 
applications on a departmental 
or small-business level often 
have found themselves over- 
looked by the providers of 
enterprise application integra- 



tion software, according to the 
CEO of a start-up called Jitter- 
bit, which is looking to fill that 
space with a like-named open- 
source application integration 
solution, due later this year. 
"EAI systems are highly 



complex and difficult to imple- 
ment," said Sharam Sasson, 
CEO of Jitterbit. "What we are 
proposing is a model where we 
[cost] a fraction of the price. 
We want this tool to be so sim- 
ple we will change the para- 



digm of integration. 

Sasson asserted that solutions 
from EAI vendors — a long list 
that includes such companies as 
IBM and TIBCO— are meant 
for the high end of the comput- 
ing scale by the largest of firms. 
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Paul Tebbutt Technical Lead Universal Music Group 



Doron Grinstein Technical Director, 
Information Technology, Walt Disney Studios 




Working with SQL Server 2005 
just got a whole lot easier 



upgraded 



SQL Compare 4.0 

$295 




SQL Data Compare 4.0 

$295 
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SQL Packager 4.0 

$390 
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SQL Toolkit 4.0 




Red Gate's SQL tools are the most talked-about 
tools in the SQL Server space for one simple 
reason: they make your life simpler. 

Now, with our fully re-engineered SQL Server 2005 tools, you can: 
migrate your SS 2000 schemas upstream to SS 2005 
compare and synchronize with embedded CLR objects 
track version changes for all the new database objects 
compare new XML datatypes and examine XML fields 
package up your SS 2005 databases as compressed .exe files 



exploit new datatypes with our command-line toolkit 
to automate all these scheduled tasks and more 
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Visit www.red-gate.com for your 
4-day, fully functional, free trial. 
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\J software 
ingeniously simple tools 



Their products aren't meant to 
integrate a group using Office, a 
database and an e-mail server. 
That's exactly the market Jitterbit 
intends for its software; pricing 
has yet to be finalized. 

Jitterbit provides a point-and- 
click interface between a server 
and an application, said Sasson, 
and the rest is done by wizards. 
Jitterbit will support most com- 
munication protocols, including 
FTP, HTTP, file shares, Web ser- 
vices and databases using any 
ODBC driver. It will recognize 
both flat and hierarchical data 
formats, including XML, EDI, 
X.12, Edifax and XML DTD 
schemes. JNI and JDBC will be 
added in the future, said Sasson. 

Jitterbit will come in two edi- 
tions — an unsupported open- 
source version and a commer- 
cial product, which he said will 
add administration tools, scaling 
and clustering, warm failover 
and an upgrade migration tool, 
plus full help-desk, training and 
consulting from the company. 

Source code for Linux and 
Windows is available now at 
www.jitterbit.com under an 
amended version of version 1.1 
of the Mozilla Public License. I 

Symantec Boosts 
i3 App Monitoring 

BY ANDY PATRIZIO 

Symantec has released version 
7.5 of its i3 application perfor- 
mance management software, 
formerly known as Veritas i3, 
adding support for Sybase data- 
bases and a number of im- 
provements in its end-to-end 
monitoring abilities. 

i3 is designed to track the 
performance of a Web applica- 
tion from the browser input to 
the back-end systems. 

New in version 7.5 is sup- 
port for Sybase ASE databases. 
i3 has supported Oracle, Micro- 
soft and IBM. 

J2EE support has been 
enhanced with Portal Server 
Management for IBM Web- 
Sphere Portal server and BE A 
WebLogic Portal server to show 
portlet performance over time. 
Also new in 7.5 is support for 
Microsoft's .NET platform 
across all tiers. Previous versions 
supported analysis only at a sin- 
gle point. 

Also, i3 7.5 will track perfor- 
mance in a mixed J2EE/.NET 
environment, something it could 
not do in the prior versions. 

Symantec i3 7.5 is available 
now at a starting price of 
US$1,500 per processor. I 



Naturally Integrated" 





Chart FX for Visual Studio 20Q5 



The Most Tightly Integrated Data Visualization 
Tool Available for Visual Studio 2005 

Evidence of this is the Smart Tag Wizard that exposes many of the properties to 
select and display in neat-lime. There is also a Data Wiiard which allows yioo to 
quiddy connect to a data source, map specific fields to the chan ajid instruct the 
chart how to use the data. The new API was designed vvit-1 the Visual Studio 2005 
object model In mind to make it easier to access complex functionality. Chart FX for 
Visual Studio 200S adds a DHTML rendering engine that uses the AJAX 
(Asynchronous JavaScript and XML) web development technique to produce chart 
images that allow full interactivity and support state in web applications. The new 
Extensions Manager standardizes the infrastructure fof using the Chart FX 
Extensions, such as financial, statistical, maps and OLAP, among others. The Chart FX 
Resource Center provides a "Programmer's Guide" the Chart FX API, an Internet 
Reference and a wealth of samples and charts [with code). Leam more about the 
rewn/ers integration Qnd powerful fmturmat www so ft ware fx.com 
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Mono Now Feature-Locked; Team Fixing Bugs 



BY EDWARD J. CORREIA 

With the release last month of 
Mono version 1.1.13, the open- 
source .NET implementation is 
now in feature-lock — only bug 
fixes will now be applied — and 
Novell and Mono developers 



declared the release sta- 
and ready for enterprise 



have 

ble 

adoption 

Seeming to echo that senti- 
ment was Red Hat, which also in 
January announced that it would 
adopt Mono in Fedora, its open- 



source Linux implementation 
and technology pressure-cooker. 
"With Red Hat including Mono, 
the big question of adoption is 
now gone," said Miguel de 
Icaza, Novell's vice president of 
developer platforms and main- 



tainer of Mono. 

Novell has pledged to main- 
tain bug fixes on version 1.1.13 
for the next seven years, he 
added. "It's feature-complete; 
we're now just working on the 
bugs." 



ytelerik 



efcflwf ™w than 




The AJAX Revolution. Join in. 

The first component suite that makes AJAX development easy. Very easy. 



U1ff »'«~l 




T>*. 


Hi. 


J 




!"i 1 1 • m~t 


tana 


ban] Mm- 


Bnrii 


E*..* 


'c ■£-/.;,, :>i- 


4nn*j]K-H 


lOMoflrtLftrt* 


Liu*!-. 


UDhtdStl^l 




■w 


h.-*j^iJ7 


UrtiriStow 




*■ 


frfHtfe- 


.,- * j* - i-i;-j * 





Fid Edt va* Help 

; _ fieutf _j 6flndfftNEwa 



P- fieda -ft \Jran 



|uritfr 



L -f»ll r J 



TtHlfe* 



z< Jtalnc Sbsvwr 

J i.AjAcBrtiDE&Hill 

F*mri_P#*L**. 



iLrt 



V 



utrmn 

It*tT - 

HUM M-Mtth 



ulTliiii ill 



tj rw t n 

■ nnir 
I idii iHSw 
il-itil ititttji 




Hire- 1-B « d.*!* 



Fl'l • fc ■ I r.M.il >ri 






i Sax* Bom* 

v 
" flu Ratal. - 1* miiL-cri'LH LT-faF*-.^- 

: Wrr ffJ-i.^H-i i—minli >frl =»iiJr 



JhirV-T-H#i AJWJf f irppurT in Qftiiotn-*.ittniJwii 
f.'i:-;: ■"i-i-.-i-: f^nd, tf*avteut, ccwbotinx, tit.} 

Sliiip(y trtch* A-IAS properly t-a ci-uu and 
worJi wMi 1 C D.OOD s nf record* In real tunc. 



fnrJiHfn; tf^dfr j.ff.rf.cffJTimfr,. o net rf 13 

Bu il-.l highly Interactive data (ollgefclcin Tor-rn e jrtd 
wi s sroX voiding unnecessary page reloads. 



HwjTNHr re rajah Ee UrsuJEEfar^SANET, 
am 1 w^ft AriM j.^jf tote w*ritfiVir*. 

Jtchleut- feha Ul PichAKf at Web GucltiCik" 
in all jwurweti application:. 




r.accooirols 

Revol utionizmg AJAX development for A5P.MET. 



www,t£lertk.conn/AJAX 



See us ut? 

REAL - WORLD 



MLDCEPTTIFIED 



Of*™ 1 * 2003 

(^ffiuaJStudk^nor 2005 




Hfnlrwr 

r Hw# fork. Mirth- 1 J, 2406 

wwYMuAjaxSeiin lftaf.com 
rftFtcrfiTfflnSyS-COW.TV 



Also new are Mono packages 
for Solaris on SPARC and ARM, 
the latter of which is the first for 
a mainstream embedded plat- 
form. Mono was previously avail- 
able on several versions of Linux 
as well as BSD, Mac OS X, 
Solaris Windows and several 
processor architectures. 

Another significant addition 
in 1.1.3, de Icaza said, is sup- 
port for Microsoft's IronPython 
(version 0.96) and Nemerle, a 
high-level C#-like program- 
ming language for .NET. 

In addition to Mono's C#, 
Java, JavaScript and Visual Basic 
.NET compilers, open-source 
compilers are available for 
Nemerle and Boo (a scripting 
language for .NET similar to 
Python), Oberon, Python, PHP 
and others. Several commercial 
compilers also are available, 
including one for #Smalltalk. 

Mono now has its first 
debugger. "That has been a sore 
issue for a long time," said de 
Icaza. Novell pushed hard for 
the tool, he said, which thus 
far has been implemented for 
32- and 64-bit x86 platforms 
only. "But it's easy to port," he 
said. "[Novell] also gave us a 
developer from the desktop 
team to help." What did Mono 
developers use before the 
debugger? "Real men use 
printf," he said, wryly. 

MONO TORNADO 

de Icaza believes the adoption 
of Mono by mainstream compa- 
nies and Novell itself has broad- 
ened its appeal to others. Mono 
1.1.13 is being integrated with 
SUSE Enterprise Linux edi- 
tions and is a core component 
in Novell's iFolder network syn- 
chronization application and 
ZenWorks management sys- 
tem, both of which are ready 
for commercial deployment on 
servers, he said. 

It was because of ZenWorks, 
de Icaza said, that Mono came 
to support IBM's s390 systems 
and mainframes. "Now we're 
integrating ZenWorks into 
SUSE, which supported a num- 
ber of platforms that Mono did 
not support," which also includ- 
ed Intel's Itanium. 

Another important Mono- 
based application that de Icaza 
believes will spur adoption is 
Beagle, which he said is the 
Linux equivalent of Google 
Desktop. "Now you're seeing 
that be integrated into other 
applications and becoming the 
search engine for the Linux 
desktop. It's the applications 
that drive adoption." I 
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Microsoft Elixir Hawked as Tonic for Integration 



< continued from page 1 

about all the time," said Tim 
O'Brien, group manager for the 
platform strategy group. 

Like many enterprises of its 
size, Microsoft was facing the 
vexing problems created by mul- 
tiple databases with siloed data 
and multiple financial systems. 
These are common problems. 
According to 2003 research by 
business process advisory firm 
The Hackett Group, the average 
US$1 billion company maintains 
48 disparate financial systems 
and uses 2.7 ERP systems. 

Because of this, a customer 
would often be entered into 
multiple databases, but Micro- 
soft had no way of knowing this 
because there was no horizon- 
tal integration across systems. 
Another problem: Microsoft 
employees using SiebePs CRM 
applications weren't keen on 

Redknee Sends 
Enterprise SMS 

BY EDWARD J. CORREIA 

Redknee in January released 
version 7 of its Enhanced Mes- 
saging Gateway, an update to its 
messaging platform for carrier 
networks. The platform can be 
used by enterprise developers 
to create applications that easily 
communicate with large num- 
bers of field service workers 
using Short Message Service. 

The Enhanced Messaging 
Gateway provides organizations 
with a means to supply, track 
and potentially monetize the 
movement of enterprise con- 
tent such as inventory data, 
client account information, 
stock quotes or other informa- 
tion to SMS- and Multimedia 
Messaging Service-client sub- 
scribers, either on demand or at 
scheduled intervals. 

According to Jeff Popoff, vice 
president of marketing at mes- 
saging solutions provider Red- 
knee, enterprise developers can 
access the service, through a 
SOAP and XML interface or 
through a CORBA runtime 
binding. Fees range from a few 
cents to several dollars per mes- 
sage, he said, depending on the 
geographic region. 

Broader uses for the service, 
Popoff said, include security and 
weather warnings. "They're look- 
ing [for] ways to do Amber Alerts 
and emergency warnings in larg- 
er areas like counties or cities," 
he said. I 



the Siebel client, which isn't 
the strongest part of Siebel's 
offering, as O'Brien diplomati- 
cally put it. 

Elixir uses Outlook 2003 as 
its front-end interface. Micro- 
soft created an Outlook add-in 



called Customer Explorer for 
its sales force that adds a folder 
to the other Outlook folders, 
containing the applications for 
data access. 

The amount of integration 
work needed to implement the 



solution will depend on how 
many systems in the company 
need to be connected and the 
complexity of those systems. 

But easy or hard, developers 
choosing to follow Microsoft's 
lead are on their own. "This is 



just an internal project we chose 
to share with the outside world; 
we're not licensing or charging 
money" or supporting the code, 
said O'Brien. However, he 
added that if there were enough 
demand to make it worthwhile, 
Microsoft would consider work- 
ing with consulting partners to 
assist in deployments. I 




.' Client Devdop*r 

EMqMI-< dewdnpment pr«E5ii 

("li||p"VHilh MifWlNfll-CriMl'taiiiG 

UOftJJ^KK^n jnd slmjiltf Ion 
fyatUPH 



resting 

Le^Er^gc-anchllDEFi MamplE-icrSali 
efiifty tiHtilH fitful* ip5-h*>j-i THIS j 



Suppwt Stiff 
taplurt all asicdrfrd problem 
i 111 jles Ink a .Vc -d\irt\ -Shared 
WGriL&p3t*\*l£*wflB.anji |^m 
Tiembcf (xj rvpinducr a problem 
z: the push af a builor 



- Governance 
■Testing 

- Diagnostics 

- Support 









The M i nd reef Coral platform provides collaborative 
tools for the XML software layer that increase 
productivity and quality throughout the entire S0A 

lifecycle. 
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Kent Beck: New Thinking for JUnit 4 



< continued from page 1 

cant architectural shift since the initial 
launch in 1997. 

SD Times talked to Beck about 
advances in the tool for Java 5, the influ- 
ence of rival products such as NUnit and 
TestNG, and about how the projects 
philosophies have changed since Massa- 
chusetts Institute of Technology graduate 
student David Saff joined the team. 

SD Times: What changes will developers 
see in JUnit 4, and why do you consider 
them to be the most significant ever? 

Kent Beck: The biggest one is the use of 
annotations to mark what are tests. 
Before, marking what was a JUnit test 
was all done by convention. You'd sub- 
class the test case and you'd begin a 
method with "test" and that meant 
something special. 

The problem with that style of meta- 
data is [that] the compiler can't help you 
at all. With annotations, if you've trans- 
posed the "s" and the "e" in "test," the 
compiler can tell you that. So you get 
early feedback that you're having prob- 
lems. The goal is to make it simpler. 
Yet you've said JUnit will be more power- 
ful. In what ways? 

Extension capabilities are more power- 
ful. For one thing, you don't have to 
make your tests a subclass of any partic- 



ular test. So you can use inheritance 
freely to organize tests. That was much 
more restricted in the previous version. 
The [Test] Runner architecture, and 
that's the stuff we're nailing down here 
towards the end, is also more flexible. If 
you want your tests run in a particular 
way, for example, by loading each test 
with a new class loader — somebody 
asked if it's possible to do that. And it 
turned out that it was a matter of a couple 
of lines of code to do that now; it would 
have been much more challenging to do 
that same thing in the previous version. 
TestRunner has been criticized by devel- 
opers as being inflexible. Cedrick Beust, 
creator of rival tool TestNG, said that 
since TestRunner accepts only one argu- 
ment, you cannot create a variable that 
contains a list of tests. Is that true? 
I would need to get a clarification of 
exactly what is being said there. It's cer- 
tainly possible now to have parameter- 
ized tests, which is something people 
have asked for in the past and was diffi- 
cult to support. That's an extension that 
will ship with the JUnit 4 base release. 
The particular case he seems to be ask- 
ing for is a list of the names of classes to 
run as tests. That would be a very easy 
thing to implement in JUnit 4. 
Beust posted on his Web site that he cre- 
ated TestNG because of deficiencies in 
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JUnit, such as a test case having to be 
instantiated as many times as it contains 
methods. Is this a deficiency or a feature? 

That was a deliberate design decision in 
the very first Smalltalk version of the 
testing framework, and it's the same 
today. A very important principle to me 
is that the tests are isolated from each 
other. If one test fails or succeeds, it 
should have no effect on the success or 
failure of any other test. 

The particular feature Cedrick is 
complaining about was put there delib- 
erately to support tests acting in isola- 
tion and not interfering with each other. 
I don't see any reason to change that. 
How much influence have tools like TestNG 
and NUnit had on JUnit? 
We take input from a lot of people. The 
most valuable input we get is from peo- 
ple who are actually trying to use our 
tool. I don't see [TestNG] so much as an 
influencer. 

We were certainly influenced by 
NUnit in the architecture of our new 
system. That was the first usage of anno- 
tations for tests that I had seen. At the 
time it came out, it was really well done, 
and Java at that point didn't have anno- 
tations. So when annotations became 
widely available, we took advantage of it. 
How has having David Saff on the team 
influenced the project? 
He's just new blood; new energy. He had 
a big role to play in JUnit support in 
Eclipse. He comes to the team with the 
perspective [of] how can we better sup- 
port the IDE developers? Part of it is 
[that] he's doing his thesis research on 



testing at MIT. So he's been thinking 
about these issues from a different per- 
spective, being around the people you 
find at MIT. So he thinks different 
thoughts about tests than I do, and I 
have a lot to learn from him. 
What does the future look like— will there 
be a JUnit 5? 

I haven't given a single thought to JUnit 
5. 1 want to see what the response is like 
[to JUnit 4] . There's a couple of scenar- 
ios. The [JUnit 3] architecture has 
remained stable for a long time, and one 
of the possibilities is that people will just 
stick with that. 

We've been very careful in JUnit 4 to 
maintain complete backward and forward 
compatibility so you can run JUnit 3 and 
JUnit 4 tests without any problems. You 
can run JUnit 4 tests through older gener- 
ations of tools and they'll run no problem. 

One scenario will be that JUnit 4-style 
tests will become a niche; people will use 
it, but there will still be lots of JUnit 3 and 
earlier style tests out there. If that hap- 
pens, I can imagine incremental improve- 
ments and new runners as they prove 
themselves to be widely useful. 

The alternative is [that Java 5] takes off 
and the JUnit 4 style of tests is widely 
adopted. Every chance I get I use JUnit 4 
style tests; I think they read better, they 
look cleaner, and they're easier for me to 
write. So I think there are some advan- 
tages, but I'm not sure if the advantages 
are sufficient to overcome the inertia. If 
they are, then that's the point at which 
we'll start thinking seriously about what 
else we might want to do with it. I 



JUnit 4 Adds Annotations 



BY ALEX HANDY 

Annotations and support for Java 5 are 
key new features of JUnit 4, and the first 
beta of the updated open-source unit 
test tool is now available for download. 

Kent Beck, co-author of JUnit, said, 
"Our goal has always been to have a very 
simple, appealing tool to support testing 
for programmers. Programmers, gener- 
ally speaking, figure their plates are full, 
so adding testing to that can be a chal- 
lenging sell. So we've always tried to 
design JUnit so that it was the minimal 
barrier of entry to write tests. We're 
using Java 5 annotation facilities to 
make test-writing easier. What we dis- 
covered along the way is that we were 
able to add some significant flexibility to 
the framework." 

The new version, which should be 
ready for release this summer, will include 
a smaller, more concise API that is more 
powerful and easier to use, Beck said. 

Beck said that JUnit 4 also was heavi- 
ly influenced by NUnit, a .NET unit test- 
ing tool. NUnit introduced annotations as 
a method of writing tests into code. 

Andy Glover, CTO of unit testing tool 



provider JNetDirect, welcomed the 
update, saying JUnit had not supported 
some methods Glover said he uses. 

"JUnit is somewhat inflexible in the 
sense of there is this notion of fixtures in 
JUnit — of your setup and your tear- 
down," he said. "The JUnit model is very 
strict in the sense that you have to have 
a fixture for each test case. 

"Another thing you can't do very well 
in JUnit is group tests," he continued. "A 
true unit test should run in a couple of 
seconds. Then there are integration 
tests, but they use a database or a file 
server. Then there are system tests. But 
as you go up that stack, the test case 
itself takes a lot longer to run, and that's 
where test grouping comes into power. I 
can run those tests at different frequen- 
cies. I wouldn't want to run my integra- 
tion tests every time I check in code, 
because they take a long time." 

Aside from test grouping, all the 
issues Glover had with JUnit have been 
addressed in JUnit 4. Group tests, also 
known as categorizations, Beck said, will 
be addressed in a future release — not in 
the initial release of JUnit 4. I 
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GPL 3.0 Changes the Way FSF Looks at Open Source 



< continued from page 1 

The proposed update, which 
the Boston-based nonprofit 
organization expects to finalize 
no later than March 2007, gives 
developers the right to combine 
GPL 3.0 code with code gov- 
erned by other licenses. That's a 
significant departure from GPL 
2.0, which mandated that any 
code that included GPL- 
licensed components fell under 
the GPL. 

"It's a big difference in how 
we see open-source software," 
said Eben Moglen, general 
counsel for the FSF and co- 
author (with FSF founder 
Richard Stallman) of GPL 3.0. 




The GPL 3.0 draft does not 
specify a definitive list of com- 
patible licenses. But under the 
new terms, an application could 
include Apache code, which 
adheres to the Apache license; 
Eclipse code, which follows the 
Eclipse license; and GPL code, 
governed by its own license, said 
Moglen, offering an example. 

Because GPL 3.0 code will 
make its way into enterprise 
applications, it's critical for 
developers who build such 
applications to understand GPL 
3.0, said Diane Peters, general 
counsel for the Open Source 
Development Lab, a nonprofit 
group that promotes enterprise 



'Willingly or 
unwillingly, 
enterprise 
developers will 
run into GPL 3.0' 

—Diane Peters, general 

counsel for the Open Source 

Development Lab 



use of the Linux operating sys- 
tem. An estimated 70 percent 
of open-source software is 
licensed under the GPL, she 
said. "Willingly or unwillingly, 
enterprise developers will run 
into GPL 3.0." 

PATENT PEACE 

GPL 2.0 alluded to software 
patent issues, but 3.0 addresses 
them directly, said Moglen. "It 
will do a better job of shielding 
people from patent problems." 

The proposed GPL 3.0 draft 
includes a patent retaliation 
clause that precludes a develop- 
er from obtaining a patent (for 
software based on GPL 3.0 
code) and then using that 
patent as grounds to sue other 
users of GPL 3.0 code. If devel- 
opers do so, they lose their 
rights to modify and distribute 
GPL 3.0 code, which means 
they can't use that code in com- 
mercial software. "The goal of 
Richard [Stallman] and others 
in the open-source community 
is to discourage patent infringe- 
ment lawsuits," said Peters. 

Also covered in GPL 3.0 is 
digital rights management. 
DRM is essentially an umbrella 
term that refers to several tech- 
nologies used to enforce limita- 
tions of software, music, movies 




'The time has come to point to [digital rights 
management] as a problem of the future. ' 



—Eben Moglen, general counsel for the FSF 
and co-author of GPL 3.0 



and other digital data. The GPL 
3.0 draft defines encryption and 
authorization codes (used by 
some software developers to 
prevent their code from being 
copied) as source code. As 
such, it must be made available 
to other developers. "The time 
has come to point to DRM as a 
problem of the future," said 
Moglen. "DRM directly threat- 
ens users' rights." 

GPL 3.0 also addresses 
internationalization issues, he 



said. "GPL 2.0 depended on 
U.S. patents, and 3.0 does not." 

The release of the GPL 3.0 
draft marks the start of a struc- 
tured process of soliciting com- 
ments and incorporating feed- 
back from users (gplv3.fsf.org 
/comments). 

"We believe this process will 
be a matter of public education," 
said Moglen. "The [open] 
process will give GPL 3.0 a pub- 
lic legitimacy that no other copy- 
right license has ever had." I 



Beacon Team Shines on SPEM 2.0 Spec 



< continued from page 1 

SPEM 2.0, which is composed 
mainly of UMA and has been 
submitted to OMG for consid- 
eration as a standard. 

But Kamal Ahluwalia, lead 
system analyst with Osellus, 
which develops tools based on 
SPEM 1.1, is opposed to mov- 
ing forward with Beacon using 
a nonstandard specification. 
"Instead of using UMA, which 
is the proprietary IBM meta- 
model, or waiting for SPEM 
2.0, we would like to start up 
using an available OMG spec." 

Osellus, which is on the 
SPEM 2 committee but not a 
member of Eclipse, has com- 
mitted to aiding in an effort to 
move all donated code to 
SPEM 1.1, including the Basic 
Unified Process (BUP), a light- 
weight RUP variant con- 
tributed by IBM. "We see a 
huge risk in building tools/con- 
tent based on a metamodel that 
is not an industry standard," he 



wrote on the dev.eclipse.org 
discussion site, adding that 
there is a large community of 
users with a good understand- 
ing of the spec. 

"No organization seemed to 
in any way favor a move back 
to SPEM 1.1," said Kroll, 
speaking of the recent Beacon 
meeting, at which the SPEM 
issue was discussed extensively. 
"In general there was broad 
agreement that there would 
[be] many advantages if the 
SPEM 2.0 and EPF work 
could be synchronized (espe- 
cially with such a strong over- 
lap of committers participating 
in both projects)," read an 
excerpt from the meeting min- 
utes. "The assumption is that 
EPF will over time adopt 
SPEM 2.0, and EPF will pro- 
vide value to [the] SPEM 2.0 
effort by making SPEM 2.0 
practically useful," further 
read the minutes. Despite a 
customer base using Osellus' 



Iris Process SPEM 1.1-based 
product, Ahluwalia insisted 
that his concerns are not about 
moving customers but about 
the moving target of an emerg- 
ing standard. "It's not a matter 
of our customers having a for- 
ward migration to [SPEM] 2.0; 
it's about what happens to the 
credibility of a standard chang- 
ing widely without much cus- 
tomer reaction." 

Beacon project members 
also addressed that issue. "Only 
if SPEM 2.0 goes in a signifi- 
cantly different direction that 
makes it not useful for EPF 
goals, the EPF team will choose 
to rather prioritize usefulness 
and practicality over compli- 
ance with a specification," read 
the minutes. 

"Traditionally, there is a 
great synergy between stan- 
dards organizations and open- 
source projects," said Kroll, 
summing up his experiences. 
"Standards organizations are 



slow-moving and produce sta- 
ble standards with broad buy- 
in. The risk with standards is 
that they are academic and not 
practical. Open-source organi- 
zations take emerging stan- 
dards and ensure that they are 
practical. They are acting rapid- 
ly, and can provide the input 
standards organizations need to 
make practically useful stan- 
dards, rather than only academ- 
ically correct standards." 

IT'S ALL ACADEMIC 

According to Kroll, the technol- 
ogy in Beacon may eventually 
be part of the standard comput- 
er science curriculum at hun- 
dreds of colleges and universi- 
ties. "Right now, RUP is being 
taught at about 200 universi- 
ties," said Kroll, who drives 
process technology strategy for 
IBM and is responsible for the 
development of the Rational 
Unified Process. 

Eclipse, Kroll said, is taught 



at about 1,000 institutions 
today, and when completed, 
Beacon would automatically 
become a part of that. "Industry 
and research communities can 
capture their knowledge, and 
that can be taught at universi- 
ties and have it be adopted by 
the industry," he said. 

Kroll offered iterative devel- 
opment as an example of a best 
practice that has yet to catch on 
at many companies, despite a 
commonly held belief that it is 
superior to the so-called water- 
fall approach. 

"The main benefactor [of 
this work] would be main- 
stream corporations that now 
will have more of a de facto 
standard to help accelerate 
adoption of known proved best 
practices within the industry," 
he said. "I think that this move- 
ment will solidify the iterative 
approach and help companies 
improve the way they develop 
software." 

Kroll said he expects the 
Eclipse Process Framework 
version 1.0 to be ready in the 
third quarter of this year. I 
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Mobile PC applications — includrng chose 
tuned for Tablet PC— are in greater demand as 
users seek new ways to access data anywhere 
and 3t anytime. Simultaneously, computers are 
designed to be more mobNe, used more hours of 
the day and ht more scenarios. Analysts predict 
this trend will continue, and IT Professionals and 
independent Software vendors need to acquire the 
Knowledge and msigfit to determine how best to 
buila and deploy mobilised software applications. 

Tablet PCs are the evolution of the notebook 
PC. Designed to meet the mobile demands of en- 
terprise users, Information Technology (IT) profes^ 
Lionels, and end users alike, the Tablet PC offers 
the full power ar>d functionality of today's notebook 
PC — with no sacrifices. Powered by a superset of 
Microsoft* windows* Xp Professional, Tablet PC 
offers ttie robust features and security technolo- 
gies in Windows Kp Professional plus additional 
pen-based functionality. 

Microsoft Office System extends the capabili- 
ties of the Tablet PC with deep pen and ink integra- 
tion into existing software like Microsoft Word and 
Microsoft OneNote*. where you can bring ink, text, 
and Web content together in one program. OneNote 
end the Tablet PC turn note-taking, into information 
management— al lowing you to share notes, elec- 
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tronically assign action items, and turn notes into 
summary reports for distribution in e-mail. Ink is 
a ffrst Class data tyne similar to text — users need 
not convert ink notes into text. Because recogni- 
tion occurs in the background, users con search 
and sort ink notes as readily as text. 

Enhanced Ink-to-Text Experience — 
Because there are times when you do need 
to convert handwriting, Windows xp Tablet PC 
Edition 2005 introduced Tablet PC Input Panel, 
which makes it quicker and easier to convert 
Ink to text. With Windows Vista™, Microsoft 
and our hardware and software partners 
continue the invesimens wJth more pervasive 
support for ink, new-generation hardware, a 
wealth of new features, and (hrrd-parly software 
applications. Learn more about Windows Vista at 
ww w . microsoft -com / v I st a 

The Ultimate In Power Mobility, end 
Versatility— The Tablet PC is everything you need 
in one ng^iweisrn package, providing the power, 
mobility, and versatility your workplace demands. 
Tablet PC features include: 

- Advanced power management for long battery life- 
■ Built-in , zero-configuration wireless capability, 

* Lightweight design Tor easy carrying. 

- Grab-and-go docking. 

- Fa&t resume from Standby, for quick access, 

J The ability to convert handwriting into text and 
insert it into applications. 

- The capability to search fcoth handwriting anxf 
test together. 

* Inclusion of diagrams, cnarts, graphics, and 
drawings into notes. 

- Easy use of business forms by using the tablet 
pen to enter data. 

* Quick navigation with the tablet pen, 

j The ability to collect digital signatures. 

Like all laptops, the Tablet PC offers a com- 
plete desktop computer solution. Support for 
keytxjerds and other common peripheral devices 
—such as external monitors, speakers, and mul- 
timedia devices— also make the Tablet PC tne 
idear choice for a primary desktop com purer- 



Compatibility with Existing Windows 
XP-Based Programs— Windows KP Tablet PC 
Edition 2005 offers deep ink integration in familiar 
programs* such as those found m the Microsoft 
Office System. Any application that runs oa a 
Wrndows XP computer also runs on Tablet PC. 

Simplified Enterprise Deployment — 
Because Windows XP Tablet PC Edition 2005 Is 
a superset of Windows XP Profess ionaU Tablet 
PC offers tne security, reliability* and large- 
scale deployment capabilities of Windows XP 
Professiona]. 

&eamle&s Management— Manage Tablet 
PCs just like other windows XP-based computers- 
Tablet PCs provide Active Directory* directory 
services, remote assistance, and all of the net- 
working support of Windows XP Professional. 

Support for the <NET Framework- 
Windows XP Tablet PC Edition 2005 ts designed 
m accordance with the Microsoft .NET Framework, 
wmch ships with every copy of Windows xp Tablet 
PC Edition. It includes the common language 
runtime, which is at tne foundation of U^e -NET 
Framework. 

Powerful Development Platform— 
Windows XP Tablet PC Edition 2005 is a powerful 
platform for deveJopers who are interested in inte- 
grating pen, Ink, and speech functionality Into new 
or eatsthig programs. Developers can leverage 
tfteir enisling Knowledge, hardware, software 
tools and Microsoft Visual Studio"* to develop Ink 
enabred applications. 

A More Powerful Work Environment 
Tablet PCs are ideally suited for business users 
wfio spend much of their day away from their desks. 
The lightweight design, versatile support for 
wireless connectivity, and docking support enable 
mobile workers to stay productive whenever they 
are throughout tne day. The compatibility or Tablet 
PCs with existing software and support for Windows 
XP deployment resources creates sttargfttforward 
deployments and seamless management of Tab Jet 
PCs in corporate environments. All this adds un to 
more productive employees, easier resource man- 
agement* and the realisation of more potential 
Learn more atscut Tablet PC: 

■ iT professionals* visit 

msdfl P mlcrosoH,c<w/ta bletpc/ Itpro 

■ Developers, visit our developer center at 
mjscin B mjicrOsdh,corn/ tablet pc 

■ iniormation workers and end users, visit 
www.taWetpc.com 
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3GSM World Congress Not Just for Carriers 

Mobile industry's largest conference gets enterprise attention 



SHOW 



BY EDWARD J. CORREIA 

More than 40,000 people from 
around the globe are expected 
to pass through the gates of 
Spain's Fira de Barcelona Feb. 
13-16 to see and hear about 
new mobile devices, mobile 
applications and the 
platforms used to 
development them. 

For companies 
worried about a Blackberry 
blackout in light of recent litiga- 
tions involving device maker 
Research In Motion, Funam- 
bol was showing an open-source 
alternative. The Redwood City, 
Calif. -based developer unveiled 
what it claims is a drop-in 
replacement for RIM's Black- 
berry Enterprise Server. 

Funambol 3, the latest ver- 



SDTimes 



sion of its mobile synchroniza- 
tion server, adds push capabili- 
ties for Blackberry devices and 
for those running Windows 
Mobile, Palm OS, SyncML and 
WAP applications. 'We position 
Funambol as a safe, open-source 
alternative to RIM; if 
you go with open 
| source, you control 
your own destiny," 
said Funambol CEO Fabrizio 
Capobianco. "The beauty of the 
Blackberry is that you get noti- 
fied when something happens 
and you can react to it. We 
believe that all applications 
should work that way." 

The Funambol synchroniza- 
tion API permits developers to 
build C++, J2ME or J2SE appli- 
cations that work with or with- 



out a connection, said Capo- 
bianco. "That automatically 
takes care of the data synchro- 
nization; the local [device-side] 
database is the real one," he 
said. Client-side databases from 
Objects tore and Hypersonic are 
supported. The ideal server-side 
stack, according to Capobianco, 
consists of Linux, JBoss and 
MySQL, but Funambol also 
works with Oracle, Web Logic 
and Windows, as well as Domi- 
no, Exchange, IMAP, POP and 
Sybase systems, he said. 

Another company that stands 
to gain from a squashed Black- 
berry is Intellisync, which 
released Intellisync Mobile Suite 
7 with an improved interface and 
stronger support for e-mail sys- 
tems and devices. Intellisync has 



seen increased interest in its 
products following RIM's legal 
activities, according to a compa- 
ny spokesperson. 

Intellisync tools handle syn- 
chronization between mobile 
devices and back-end systems 
from BEA, IBM and Microsoft, 
as well as for IMAP and POP 
e-mail systems. The company in 
January added support for Lotus 
Notes and Domino. The tools 
support a variety of mobile 
devices including Blackberries 
and those running Palm OS, 
Symbian OS and Windows 
Mobile. Nokia in November 
agreed to acquire Intellisync 
for about US$430 million; the 
deal has cleared antitrust 
scrutiny and now awaits share- 
holder approval. 
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Trolltech Reaches Beyond Handhelds 

Otopia Core aims at single-tasking designs, replaces QT/Embedded 

BY EDWARD J. CORREIA 

Cross-platform development 
tools maker Trolltech is broad- 
ening its tools by narrowing 
their focus. The Oslo, Norway- 
based company in January 
released Qtopia Core, a version 
of its C + + application frame- 
work for embedded Linux that 
it says is intended to simplify 
the creation of single-applica- 
tion devices such as those for 
point-of-sale, image processing, 
office equipment and medical 
applications. 

Qtopia Core becomes the 
new foundation of the compa- 
ny's embedded solutions line, 
replacing QT/Embedded. The 
framework includes its own 
windowing system, a virtual 
frame buffer simulation tool for 
realistic testing, a variety of 
input methods, support for 
TrueType, Postscript Type 1 
and other fonts, and a channel- 
and-message system for inter- 
process communications. 

The new framework is based 
on Qt 4.1, Trolltech's develop- 
ment system for desktop sys- 
tems, and supports the same 
APIs, including support for 
complex graphics, application 
multithreading with thread-safe 
shared data and a model-view 
architecture. Unused compo- 
nents can be omitted to mini- 
mize footprint. Updated late 
last year, Qt version 4.1 report- 
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Qtopia Core includes Qt Designer, a GUI environment for Linux, Mac OS X and Windows for target interface creation. 



edly now offers improved per- 
formance, more efficient mem- 
ory consumption and container 
classes, which address universal 
data handling needs such as 
storing, sorting and retrieving 
groups of data items. 

Qtopia Core runs on Linux 
systems with kernel 2.4 or high- 
er, GCC 3.x or 4.x and between 



2.5MB and 6MB of memory, 
depending on configuration. 
ARM, MIPS, PowerPC and x86 
processors are supported. Like 
many Trolltech products, Qtopia 
Core is available under both 
GPL and commercial licenses. 
Pricing was not disclosed. 

Future iterations of Qtopia 
Core, according to the compa- 



ny, will include Qtopia Plat- 
form, which will include appli- 
cation management and user 
interface capabilities for con- 
sumer electronics and other 
multi-app products; and Qtopia 
Profiles and Qtopia Editions, 
which will be targeted at specif- 
ic vertical markets and product 
segments. I 




Funambol now offers a drop-in 
replacement for the RIM server, 
says Capobianco. 

Nokia itself made a series of 
announcements, including its 
plans to contribute its imple- 
mentation of Python for S60 
(formerly Series 60) to the 
open-source community. Cur- 
rently hosted on the company's 
Forum Nokia developer Web 
site, tools include an interpreter 
based on Python 2.2.2, Python 
standard libraries, a script shell, 
some native extensions and a 
Python console, according to 
the site. The tools, which work 
with S60 SDKs for desktop 
PCs, will reportedly be hosted 
on SourceForge.net. 

The cell phone giant also 
unveiled Forum Nokia Pro 
Flash, a version of its fee-based 
premium developer support ser- 
vice for enterprise developers 
that will focus on building rich 
mobile phone applications based 
on Adobe's Flash Lite technolo- 
gy. Nokia also planned to release 
the third edition of its C++ SDK 
for S60 devices, but was not 
ready to speak publicly about 
new features at press time. 

ActionEngine has updated 
its software development kit for 
its Mobile Application Platform 
(MAP). The company's flag- 
ship, MAP is a browserless 
client/server environment for 
creating XML- and XHTML- 
based transactional applications 
that also can integrate with 
PIM apps and native smart- 
phone features. 

The SDK works with Visual 
Studio and includes plug-ins for 
helping .NET developers collect 
data from Web-based sources, a 
database designer for creating 
data-driven user interfaces, 
and a tool for migrating existing 
SQL Server databases to 
MAP and generating server-side 
scripts to make it work. I 
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PrismTech Releases a Real-Time ORB for Java 



BY EDWARD J. CORREIA 

CORBA middleware developer 
PrismTech in January unveiled 
the OpenFusion RTOrb Java 
Edition, an object request bro- 
ker that it claims can deliver 
real-time responsiveness for 
distributed Java applications in 
a variety of embedded systems. 

The RTOrb Java Edition 
was developed against the JCP s 
Real-time Specifications for 
Java (RTSJ), and according to 
OpenFusion CORBA middle- 
ware product manager Andrew 
Foster, can work with any 
RTSJ-compliant JVM. "This 
creates an architecture in which 
hard real-time, soft real-time 
and non-real-time processes 
can coexist together," he said. 

Such systems would other- 
wise require multiple operating 
systems and languages, and 
complex interapplication com- 
munications. "For the first 
time, developers of hard real- 
time distributed systems can 
leverage the full range of bene- 
fits that are provided as part of 
the Java programming model," 
including its type-safety, securi- 
ty and portability, he said. 

The middleware, which has 
been tested on Solaris 10 and 
Red Hat Enterprise Linux, is 
expected to initially find its way 
into military and aerospace 
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command and control applica- 
tions, telecommunications net- 
work management apps and 
into the transactional systems of 
financial institutions, all places 
where CORBA is most com- 



monly found, he said. Pricing 
starts at US$5,000 per develop- 
er seat or per server processor 
(for runtime deployment). 

OpenFusion RTOrb Java 
Edition supports Sun's Java 



Real-Time System 1.0 JVM and 
a J2SE 1.4 JVM for non-real- 
time applications. The company 
plans to add support for IBM's 
J9 and AICAS' Jamaica 
RTJVMs in the future. Accord- 



ing to the company, the middle- 
ware uses 24MB of disk space 
and typically requires a mini- 
mum of 128MB of application 
memory, which it says is mainly 
consumed by the JVM. I 
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Introducing the QNX* Momentics? development \ 

Multi-Core Edition p the industry's most comprehensive 
software pfatfamm for multi-core systems. Powered by the 
massively scalable QNX Neutrino* RTOS. this fully integral 
solution supports AMP, SMP, and BMP, a groundbreaking 
technology that simplifies coda migration and future-proofs 
your designs lor quad-core end beyond; It's the latest 
innovation from QNX Software Systems, the undisputed 
loader in multiprocessing technology. 
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Discover how Dan and the QNX team deliver the shortest 
migration path to multi-core. Call 1 BOO 676 0566 or 
visit www.qnxcomflnrKrvate, 




Inlocks 



Maximize performance. Eliminate complexity. 
Accelerate migration r Only QNX offers: 

Asymmetric Multiprocessing VMft for ful 
dewFoper control and fault tolerance 

i Symmetric MultlprocEssirtg {SlAPJ lor maximum 
concurrency srai scalability 

Bound Multiprocessing CAMP} for the Fas 

code miction and minrmum desigri ccrr-i 

Transparent Inler-Processw CarnmunieatiCMi 
fTfPC) ptotocol for seamless Linujtcannegti' 

• System tracing tools for fast debugging and 
op-timii3t*an of muln'-Hirft applications 

n Off-the-shelf BSP& for muiti-core platforms ba 
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Search and Best toy 



New defect-tracking tools, 
practices help keep 
code free of bugs 



BY ALEX HANDY 

Bugs are inevitable. They're 
going to exist, no matter how 
many hours you spend staring 
at a collaboratively written 
snippet of code, no matter how 
many Roach Motels you put 
down. They're a fact, so you'd better 
have a system in place for making sure 
they're taken care of. 

In this modern age of Web 
2.47672. rev. b, online offices and instant 
messaging, it's remarkable how easily 
some information can still vanish into 
the ether. E-mail and AIM can swallow 
up messages about bugs, and without an 
easily accessible system, some of your 
bugs are probably being swept under the 
rug by a lazy coder here or there. 

If your organization is still using an 
antiquated bug-tracking system, such as 
an in-house FileMaker database or a 
massive Excel spreadsheet, it's time to 
upgrade. 

Matt Hargett, a Silicon Valley-based 
testing and QA consultant, said that the 
bare minimum any organization should 
have is Bugzilla. Hargett went on to say 
that this open-source tool is far from 
perfect, but if an organization has no 
defect-tracking system, and doesn't plan 
on extensively customizing an imple- 




Test/QA consultant Hargett says Bugzilla is a 
good first move when deciding on a system. 



mented system, then 
Bugzilla is the first stop 
on the way to a decision. 

"Bugzilla works if 
you don't do anything 
to it," said Hargett. 
"With Bugzilla, it's a 
giant duct tape and 
bailing wire tangle of 
Perl scripts, but it's 
solid duct tape and 
bailing wire. I've never 
heard of anyone losing 
the database or it crash- 
ing on them. Bugzilla is 
free, but it's not in a way. 
I'm all for open source — I run 
Linux on my laptop — but you 
need a Bugzilla specialist on staff if 
you're going to use it full-time." 

Hargett said that at one of his 
previous employers this is exact- 
ly what happened. "A security 
patch came out, and since our 
defect-tracking system was cus- 
tomer-facing, it was a security expo- 
sure and we weren't able to resolve it in 
a timely fashion. The cliffs were horrible 
because the code was horrible. If you 
customize it, there is a long-term main- 
tenance cost." 

But despite Bugzilla's shortcomings, 
Hargett maintains that a company look- 
ing to implement its first bug-tracking 
system should consider it as a first move. 
He said that the tool itself is solid and 
gives users a great understanding of 
what running a Web-based defect-track- 
ing system is all about. 

Dan Nobuto, a QA engineer at San 
Francisco-based Cloudmark, said that 
Bugzilla is a great tool. "Every other 
alternative I've seen requires a lot more 
resources. It's great to have a proper 
bug-tracking system that really works 
instead of relying on e-mail. And 
because it's open-source, you can modi- 
fy it to do whatever you need." 

But, agreed Nobuto, Bugzilla does 
have its problems. "For one thing, 
modification is a pain. The source has 
been going through clean-up, so it's 
getting better, but it has a much longer 





development 

cycle than most 

other open-source 

software. Also, in 

most places I've 

been (where Bugzilla 

is used), I've noticed search has 

been less than reliable once bugs go up 

above a certain count. I'm not sure if 

that's Bugzilla's fault, or the fault of the 

back-end database, though." 

What Bugzilla does offer, however, is 
a reliable Web-based defect-tracking sys- 
tem. And it is against this system that all 
others should be measured, said Hargett. 

SCALABILITY'S KEY 

Chris Ratcliffe, director of marketing for 
Solaris at Sun Microsystems, said that 
his company sees its defect-tracking sys- 
tem as a far-reaching tool, similar to its 
customer service Web sites. 



Ratcliffe said that his company's 
coders and testers are spread out 
across the globe, which makes an 
accessible bug-tracking tool a high 
priority. "We do a development 
build of Solaris every night," he 
said. "Once that build is done 
for multiple architectures, it's 
actually delivered onto a number 
of systems here at Sun. Some of 
those are desktops, some are 
servers, some host databases. We 
actually get real-world people using 
the very latest build of the process. 
The builds get shipped off to a lab in 
Ireland where they get regression 
tests: thousands of separate tests — 
everything from very small one-CPU 
boxes, all the way up to large enterprise 
systems. This all happens automatically. 
What it means is every morning when I 
come into work, I can go to a Web site 
and check up on last night's build of 
Solaris." 

And that, said Ratcliffe, comes thanks 
to the company's distributed bug-track- 
ing system. Each morning, with just a 
few mouse clicks, Ratcliffe can see a 
detailed report on how many bugs were 
discovered overnight. He can watch 
these bugs as they are tracked down, 
resolved and then removed from the 
database of current issues. 

But a system that's able to stand up to 
this type of use is not going to imple- 
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ment itself overnight. It requires careful 
planning and a strong Web host. 

When Hargett deployed a defect- 
tracking system at Network Associates, 
he quickly discovered what made some 
systems work and others fail. 

"One of the things that tend to get 
overlooked is scalability" said Hargett. 
"How many users can be signed on at 
once?" 

That's an issue that may be hard to 
quantify on a proprietary system that's 
not based on a Web server. In general, 
said Hargett, Web-based defect-tracking 
tools are much more flexible than other 
sorts, and with AJAX-enabled applica- 
tions expanding quickly, it's a good bet 
that some nifty new tools will be avail- 
able for Web-based tracking systems 
over the course of the coming year. 

Hargett also said that the back-end 
database upon which a defect-tracking 
system is based can lead to a lot of 
headaches down the road. "A lot of these 
bug-tracking systems have really crappy 
back-end databases that corrupt them- 
selves. You want to see if you can export 
the data into another system later," he 
advised. "Some try to lock you in with 
proprietary data formats." Exporting the 
database itself to a standard file format 
can save you in a pinch if the system 
crashes or gets corrupted. Also, it means 
that a broken defect-tracking system 
won't take down your information along 
with it if it fails. 

But the biggest challenge when 
choosing a defect-tracking system, said 
Hargett, is probably your fellow employ- 
ees. This is the same sort of problem a 
team can encounter while attempting to 
design any database. "One of the things 
I learned was that everyone wanted their 
own little field in the defect-tracking 
system database," said Hargett. "You 
have to avoid that. A lot of times the 
field they wanted was there; they just 
didn't like the name of the field. Their 
objections were purely nomenclature- 
based." 

Adding too many fields to each entry 
in the database can lead to a cluttered 
interface and a confused team of testers. 
When designing a widely accessible 
defect-tracking system, it's important to 



remember that some of the users you'll 
likely be enlisting to add bugs won't be 
programmers or testers. As such, requir- 
ing a dozen different strings of informa- 
tion will probably result in confused 
information, or worse still, fields left 
blank. 

Another problem that an overly 
elaborate database can create is slower 
searches. This is a notorious Achilles' 
heel for Bugzilla, and other defect- 
tracking systems could be slowed to 
a crawl when searching if your data- 
base is filled with too many fields of 
information. 

REDUCED TO TIERS 

One way to avoid this issue is to break up 
the defect listings into tiers. This means 
that end users can input a few fields' 
worth of information, say circumstances, 
symptoms and machine configuration. 
The rest is then input by the testing 
team as they recreate the bug. This is 
how Sun optimizes its massive defect- 
tracking system, said Ratcliffe. 

He said that a bug "essentially goes 
through the same process whether it's 
found internally or externally. The bug 
gets reported and placed in a bug-track- 
ing system we host internally at Sun. We 
then try to recreate it. In some cases, in 
order to reproduce the problem, we 
have to get access to customer systems, 
but that's rare nowadays. Dependent on 
the type of bug, we generally have a 
code fragment that indicates what's 
causing the problem. We then look at 
the scope of the problem and prioritize 
the bug. The rare bugs that we come 
across nowadays are ones that will cause 
an entire system crash. These are rated 
highly. Bugs that affect performance are 
rated highly as well." 

Hargett also pointed out that man- 
agers have different requirements than 
developers. The folks in the suits want to 
have pretty pictures and charts printed 
out by the defect-tracking system, and 
easily accessible metrics to show 
progress over time. These fellows are 
after raw numbers, and a good defect- 
tracking system should be able to pro- 
vide them quickly and in a legible form. 

But if your system cannot output 
graphs, be sure that the information can 
be transferred to some other program 
that can, such as Excel, he advised. 

REPRODUCING BUGS 

Once a bug is listed in the defect-track- 
ing system, your first action should prob- 
ably be to replicate it. Once that's been 
done, the replication should be written 
into an automated test that can reliably 




Agitar has 'bug week/ when everyone in the 
organization looks for defects, says Savoia. 

bring the defect back to the surface. 
Once this test has been created, your 
developers will have a one-click way to 
figure out if they've successfully 
squished the issue or not. You may even 
want to go as far as to list a "yes/no" tog- 
gle within each defect entry to indicate 
the presence of an automatic test in your 
arsenal, said Alberto Savoia, CTO of 
Agitar. 

"The practice I found to be most use- 
ful is to link every bug to an actual auto- 
mated test," Savoia said. "You can have a 
bug that describes something in the 
abstract. If you put yourself through the 
discipline of making the bug appear 
through an automated test, you give 
yourself two advantages. First, you have 
a way of telling that the bug has been 
fixed. Second you have another test in 
your arsenal, and you can never have too 
many tests." 

And there's another benefit, said 
Savoia. "I've seen it happen a ton of 
times. You fix a bug and think it'll never 
come back, then three months later it's 
back. Every bug we have gets a number, 
and then a test is named after that num- 
ber. It's not trivial to do, but it's a huge 
advantage." 

What if a salesman is pushing your 
wares in the field, but is rebuked by an 
irate customer plagued by a hyperspecif- 
ic bug in the last revision of your soft- 
ware? Does your sales team even know 
what defect tracking is? 

Everyone in your organization should 
be able to submit a bug quickly and 
easily. Your customers should be able to 
add them too. Freelance developers, 
sales associates, contractors, even your 



interns should all be able to submit bugs 
to your defect-tracking system. Whether 
this means you actually allow direct 
access via the Web, or you allow all 
interested parties to contact QA over the 
phone for support is up to you. But if 
you don't build a simple path toward bug 
submissions, you'll probably end up 
hearing about the showstoppers at the 
most inopportune moments. 

Sun employs a full-time staff of 
around 150 phone workers who not only 
provide customers with technical sup- 
port, but also track and catalog bugs. 
This means that the first interface a cus- 
tomer has with Sun after a deployment 
can lead to a properly formatted bug 
report being submitted to Sun's systems. 
Thus, the moment the customer reports 
the issue to a representative, it is known 
to the software development team. 

"What'll typically happen is [the cus- 
tomer] calls a support line," said Rat- 
cliffe. "There's a guy on the end of the 
phone and he talks to the customer 
about the problem. The more informa- 
tion we can get the better. The person 
on our end of the phone will compare 
the data against the bugs in the data- 
base, and if they don't find a match, 
they'll enter that bug in the database." 

JBoss uses a Web portal to track its 
bugs, and has opened it to both cus- 
tomers and partners so that defects can 
be tracked in an open process. Bob 
Bickel, JBoss' vice president of strategy 
and corporate development, said that his 
company has "a customer support portal 
that essentially tracks all of the issues we 
have from customers, and as part of that, 
there's a bug-tracking and patch-man- 
agement system, and that weaves into 
the back end." 

Savoia said that no one in his compa- 
ny is safe from bug detection. "Finding, 
fixing and verifying bugs should be the 
responsibility of everyone in the organi- 
zation," said Savoia. "We have bug week. 
During bug week, we get all the devel- 
opers to go bang on the code and find 
bugs. We have developers verify and 
close existing bugs. This includes all the 
managers, the QA people, the develop- 
ers, all of our people. Different people 
approach the software in different ways. 
If you just have the QA people and cus- 
tomers finding bugs, the developers are 
never exposed to the cost of bugs in the 
first place." 

In other words, just because you 
write the code does not excuse you from 
having to test the code. And just because 
they wrote the code, does not mean 
they're excused from writing up bugs in 
the defect-tracking system. I 
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EDITORIAL 

Leaders and Innovators 

It's that time again — time to share your nominations for 
the SD Times 100. That's this newspaper's listing of the 
most important companies and organizations in the soft- 
ware development industry, as well as individuals whose 
works over the past year have significantly affected and 
extended the art of application development. 

This is the fourth year for the SD Times 100, and 
while we're making a few changes to the categories, the 
process and procedures for the awards remain the 
same. The SD Times 100 isn't a product award; we 
won't tell you which Eclipse plug-in is the best, or 
which company sells the most feature-packaged SCM 
platform, or who adds the most value to Visual Studio 
Team System. 

Instead, the SD Times 100 focuses on those compa- 
nies, organizations or people that change the direction 
of software development. They don't have to be the 
biggest software companies; many of the greatest inno- 
vations come out of smaller firms. They don't have to be 
the ones with the largest market share, though a com- 
manding market presence can be an important indica- 
tion of leadership. (Even so, the biggest companies all 
too often exhibit the greatest amount of inertia.) But all 
winners have to make an active difference, in that they 
inspire their customers, attract partners, fire up com- 
petitors and get people talking. 

How do you know a leader? It's easy: Everyone watch- 
es leaders to see what they're doing now, and try to guess 
what they're going to do next. If your competitor is talk- 
ing about you, you're a leader. If your customers are anx- 
iously awaiting your next release, you're a leader. If you're 
playing a significant role in developing new technologies, 
you're a leader. 

If you're introducing new paradigms, new models, new 
technologies, new partnerships — and if other people are 
signing on and endorsing your efforts, or actively trying to 
block them by proposing or pushing alternatives — then 
you're a leader. 

What if you propose technologies, standards, alliances 
and paradigms, and nobody bothers to respond? Sorry. 

The SD Times 100 focuses on what companies, organi- 
zations and individuals did during the previous year — in 
this case, calendar year 2005. Leaders can't rest on their 
laurels; they must keep driving forward, forward, always 
forward. That's why SD Times writes about them; that's 
why their customers, partners and competitors watch 
them so intently. 

In fact, among the judging criteria that we use is a 
review of the news that we've written about the company, 
organization or person. Someone that makes and inspires 
a lot of news and critical analysis is probably more of a 
leader or innovator than someone who never had much to 
talk about. If the only people who ever talk about a com- 
pany are its executives, managers and publicists, well, 
where s the leadership there? 

Nominations are now open for the fourth annual 
SD Times 100. We invite you to visit www.bzmedia.com 
/sdtimeslOO.htm to read about the process and access the 
online nomination form. There's no charge or fee; we wel- 
come your input and feedback. The nominations will 
close on March 1, and the awards will be published in the 
June 1 issue of this newspaper. I 



Under Concurrence 



The software development 
community is about to 
drive into a wall. While the chip 
manufacturers are still adhering 
to the letter of Moore's Law, 
doubling transistor density reg- 
ularly, the spirit of the law, that 
every new machine would be at 
least twice as fast as its prede- 
cessor, is now only a memory. 
Barring truly radical changes in 
processor architecture, 

advances in desktop and laptop 
speed from now on will almost 
entirely result from parallelism, 
not linear improvements in 
throughput. 

The industry has been too 
complacent about the implica- 
tions. Too many believe that the 
poor performance of the net- 
work and the paging file excus- 
es them from having to consid- 
er performance problems. 
Indoctrinated on the dangers of 
premature optimization, too 
many fail to consider optimiza- 
tion at all. In a few years, when 
we change from multicore 
machines of two and four cores 
to manycore hardware, easy 
infrastructure improvements 
from the operating system and 
the .NET Common Language 
Runtime will rapidly tail off. 

The CLR makes the multi- 
core era survivable with a well- 
defined asynchronous idiom 
using BeginlnvokeQ and End- 
InvokeQ, a solid threading 
library and Monitor-based 
exclusion. This will not do in 
the manycore era. It's one thing 
to identify a hotspot in a pro- 
gram and realize, "Hey, I can 
split up the work in this array," 
and another to take advantage 
of a world where data is rou- 
tinely flowing among 8 or 16 or 
32 cores. 

No mainstream program- 
ming language is automatically 
parallelizable. This is ironic, 
since object-oriented program- 
ming has its roots in simulation, 
where concurrency is a basic 
concern. However, since main- 
stream OO languages allow state 
to be shared between threads, 
they're fundamentally crippled. 
When the basic rule for thread 
safety is "either write objects 
with no fields or write objects 
with no virtual method calls," the 
paradigms are clashing. 

Surprisingly, the mainstream 
language that seems to have the 
most far-reaching proposal for 
manycore programming is 
C/C++. Herb Sutter, who is an 
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architect at Microsoft and chair 
of the ISO C++ committee, 
gave the first public airing of his 
Concur project at last Septem- 
ber's PDC. Along with empha- 
sizing that Moore's "free lunch 
is over," Sutter proposes that 
existing approaches to concur- 
rency such as OpenMP do not 
go far enough and that the 
abstractions of .NET 
(and Java, for that 
matter) are inade- 
quate, focusing as 
they do on thread 
management, rather 
than the more gener- 
al concept of delayed 
execution. 

In Concur, an 
object, call or loop 
can be declared as 
"active," which means that its 
behavior runs in its own thread, 
conceptually. Returned values 
are "futures" whose values are 
indeterminate until paired with 
an explicit call to wait(), which 
blocks until the behavior con- 
cludes. It seems to me there are 
two major benefits to this 
approach: the pairing of con- 
currency with existing code 
structures and semantics and 
the introduction of large 
amounts of latent parallelism. 

THINKING IN PARALLEL 

Programmers already know the 
rules for the lifetimes of loops 
and method calls and objects — 
nothing but good can come if 
the same knowledge can be 
applied to the problems of con- 
currency. Also, because devel- 
opers stop worrying about the 
details of managing threads and 
shift their focus to the single 
(hard) question of whether an 
entity can be "active," Concur 
programs should tend to have 
more parallelizable entities 
than are immediately exploited. 
With future hardware genera- 
tions, this will provide an auto- 
matic performance boost. 

The idea of associating par- 
allelism with program structure 
is also seen in Ceo, although Sut- 
ter believes that language's 
"chords" require a mental shift 
that programmers will resist. 
Also, Concur is more flexible, 
with both fine-grained (loop- 
level) and coarse-grained (class- 
level) control. On the other 
hand, Concurs blocking wait() 
function call seems asymmetri- 
cal, and I wonder if it weakens 
the benefits derived from the 
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structural "active" declaration. 
It's a difficult language-design 
problem, as choosing "every- 
thing is a future" would seem to 
create the same intractable per- 
formance issues that one has 
with "everything is an object" 
languages — or even more. 

The other somewhat in- 
congruous part of the Concur 
proposal is the idea 
of a C + + program- 
mer leaving low- 
level resource man- 
agement to the infra- 
structure. Before 
Sutter's PDC talk, I 
more than half- 
expected him to 
speak about very 
low-level guarantees 
of atomic reading 
and writing. I was very im- 
pressed by the abstractions of 
Concur and the scope of the 
solution. In retrospect, the idea 
of introducing this to the C + + 
community was not as surpris- 
ing, as those are the people who 
have a history of struggling with 
hardware limits and perfor- 
mance issues and are most 
acutely aware of the end of the 
Moore's Law free lunch. 

I asked Sutter if he was 
ahead of the curve or if the 
C + + community was clamoring 
for a solution. He split the dif- 
ference: He said it was impor- 
tant to be ahead of the curve so 
that there's time "to get real 
experience with Concur and 
other kinds of models before 
picking something to standard- 
ize," but he also said that the 
word clamoring "is only a slight 
overstatement." He said, "Peo- 
ple realize we need better sup- 
port for concurrency." 

As it happens, I saw Sutter's 
Concur presentation and Tom 
Plum's Safe/Secure C++ ("Type 
Safety," Jan. 15, page 37) just a 
few days apart. For the past 
decade, most attention to pro- 
gramming languages has been 
on managed code and features 
that deliver high productivity to 
the development of in-house 
and Web applications. With 
C++/CLI, these exciting new 
technologies and an epochal 
shift toward parallel hardware, 
perhaps the time has come to 
return to the C. I 

Larry O'Brien is a tech- 
nology consultant, analyst and 
writer Read his blog at www 
.knowing.net. 
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Who Owns Application Security? 



In 2005, a number of very 
high-profile data security 
breaches hit well-known brands 
such as Polo Ralph Lauren and 
DSW Shoe Warehouse. These 
breaches were an embarrassing 
reminder to businesses of all 
types that, while there are obvi- 
ous steps organizations can take 
to protect networks and encrypt 
sensitive data, one factor can 
make or break the entire secu- 
rity framework: application 
security 

At face value, this seems a 
fairly obvious statement — of 
course applications must be 
secure. But it is not the end 
result that poses a challenge — 
risk management and other 
operational officers are seeing 
major conflicts arise when deter- 
mining the process, and owner- 
ship, of application security. The 
ownership portion, in particular, 
has been murky, and there has 
been little clarity over the roles 
application developers/architects 
and IT security professionals 
play in the process. Consider this 
conversation: 

Chief Risk Officer: "I need 
you, Application Developer and 
IT Security Professional, to 
make sure our company's soft- 
ware is absolutely secure." 

IT Security Professional: 
"Umm, OK. . .I've never worked 
with Application Developer 
before. But sure, I can make 
sure he is developing securely." 

Application Developer: "Wait 
a minute... I'm the application 
development expert. The IT 
Security Professional may un- 
derstand security, but I know 
software development." 

IT Security Professional: 
"Right, but I am the security 
expert. And I should be involved 
in IT security decisions." 

Application Developer: "But 
you, IT Security Professional, 
don't understand application 
development — that's my do- 
main." 

You can guess where this not- 
so-productive conversation is 
headed — to the medicine cabi- 
net for a headache remedy. 

While the Chief Risk Officer's 
request — and ultimate goal — 
was reasonable and responsible, 
the net result is that, for the first 
time, companies have two 
teams — the application develop- 
ers/architects and IT security 
experts — heavily involved in 
application development. These 
are two functional organizations 



that have traditionally operated 
in silos — there has been little or 
no interaction between the two 
groups. And with increased 
interaction comes the question 
of ownership, which must be set- 
tled and communicated clearly: 
Who really is responsible for 
ensuring application security — 
IT security professionals or 
application develop- 
ers and architects? 

The answer is 
surprisingly simple: 
Both parties have 
the shared responsi- 
bility for ensuring 
that enterprise appl- 
ications are ade- 
quately protected. 
For organizations to 
ensure that applica- 
tions (and, thus, their sensitive 
data) are truly secure, security 
officers and application archi- 
tects must work together. 
There is no room for pointing 
fingers or skirting responsibili- 
ty — security must be a joint 
undertaking that leverages the 
skills, knowledge and expertise 
of both parties. 

WHAT SHARING LOOKS LIKE 

The traditional error organiza- 
tions have made is in asking — or 
even forcing — application devel- 
opment staff to become security 
experts. Traditionally, imple- 
menting security in applications 
requires specialized security 
toolkits and libraries that can be 
too complex for most enterprise 
developers and thus can add sig- 
nificant time to development 
cycles. These tools traditionally 
require a level of security exper- 
tise that is outside the scope 
of knowledge of most enterprise 
developers. To use such tools 
properly, developers must 
acquire deep knowledge of secu- 
rity mechanisms and operations. 
In other words, developers 
must become experts in security, 
as well as business logic develop- 
ment. And, with staff already 
stretched thin, this burden is 
simply too heavy for most enter- 
prise developers, particularly 
when business units are breath- 
ing down their necks to "just get 
it done!" This has often meant 
that, in the end, the question of 
security lands on the plate of IT 
management, a group that fre- 
quently has limited knowledge of 
application requirements, which 
can inhibit their ability to ade- 
quately address the challenge. 
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In fact, Ray Wagner, research 
vice president at Gartner, says: 
"Organizations often have little 
confidence that they have imple- 
mented security controls proper- 
ly because of the high level of 
sophistication required, and the 
result is too often an expensive 
or even embarrassing scramble 
when a problem is found after 
rollout." 

In a shared vision 
for application secu- 
rity, organizations 
should come back to a 
logical starting point: 
IT security staff. IT 
security experts un- 
derstand the organiza- 
tion's security policies 
and are concerned 
about whether estab- 
lished security policies will 
be enforced. They also under- 
stand how security rules change 
over time, and have insight 
into adjustments that need to 
be made in response to new reg- 
ulatory requirements and best- 
practice initiatives. 

As a result, IT security 
experts have the right — and the 
responsibility — to outline poli- 
cies that define the levels of 
security appropriate for various 
enterprise applications. They 
must take ownership for classify- 
ing a company's data based on 
function, levels of sensitivity and 
regulatory needs. With this 
information in hand, application 
developers are well-positioned 
to implement security appropri- 
ate for new applications. 

A key benefit associated with 
this approach is that corporate 
developers are able to address 

Safe and Sound 



security effectively without 
adding significant cycles to the 
development process. With 
established and centralized secu- 
rity policies, developers don't 
have to spend dozens of extra 
man-hours integrating security. 
Essentially, most of the work will 
have been done in the policy 
development process — now, it's 
simply a matter of applying the 
policies to a given application. 

The main lesson here: Don't 
force application development 
staff to become security experts. 
This is both unnecessary and 
unproductive. Instead, leverage 
the complementary expertise of 
both sides of the house in order 
to ensure that new enterprise 
applications are as secure as they 
can possibly be. And, equally 
important, organizations need to 
create processes that enable 
application architects and devel- 
opers to easily implement securi- 
ty into their apps during the 
design phase of the application 
development process, based on 
the policies established by the 
company's IT security experts. 

By balancing the manage- 
ability needs of IT managers, 
security officers and risk man- 
agement analysts with the 
design and implementation 
needs of application architects 
and developers, organizations 
will be able to more effective- 
ly implement appropriate 
security mechanisms from the 
onset of a project. And, with 
application security addressed 
from the beginning, compa- 
nies will be better positioned 
to address ongoing threats to 
data security. I 

Chris Parkerson is senior prod- 
uct manager for developer solu- 
tions at RSA Security. 
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Efforts to secure enterprise software from malicious Internet-borne 
attack appear to be paying off, according to a survey of nearly 400 
developers in North America published late last year by Evans Data. 

According to the study, 
just slightly more than 35 
percent of respondents said 
they had experienced at 
least one security breach, 
compared with 41 percent 
from a study six months ago 
and 58 percent in last year's 
survey. 

A security breach is 
defined by Evans as "a suc- 
cessful incursion through 
one or more layers of a com- 
pany's Internet perimeter." 
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Ruby: The Little Engine That Could 



Little languages are undergoing a revo- 
lution of sorts. In its original defini- 
tion, the term "little language" referred to 
languages like awk and pic, which were 
purposely designed to solve problems in a 
narrowly defined domain. They also 
relied on a small, easily learned syntax. 
They were not necessarily dynamic as the 
term is used today, although they had 
some capacities in this regard. 

Little languages, however, had a dis- 
tinct handicap: There were so many of 
them that you were, it seemed, always 
learning a new language. This expecta- 
tion sort of worked in the days when 
Unix programmers were more of a cabal 
than a tradesman's guild. In that arcane 
culture, you were expected to know the 
multiple shell scripting dialect plus the 
multiple languages that made up troff, 
as well as awk, sed, yacc and the like. 

As time passed, however, and real 
non-academic work needed to be done, 
pragmatic folks had little desire to be 
part of the brotherhood, and they 
weren't amused at learning a dozen little 
languages to get work done. Enter gen- 
eral-purpose dynamic languages. First 
came Perl, which retained Unix's affinity 
for baroque and cryptic forms of expres- 
sion. And then came Python, which 
delivered a needed comprehensive 



clean-up of language syntax. Just at this 
point, the incursion of the Web queered 
things a bit: It spawned a host of new 
Web-oriented little languages such as 
JavaScript and PHP. With so many lan- 
guages available, the same unwanted 
proliferation was happening again. 

Despite this, Yukihiro Matsumoto, an 
amateur language designer 
with a radical view of lan- 
guage architecture, thought 
one more language was nec- 
essary. He devised a com- 
pletely OO language, which 
he named Ruby. News of the 
elegance of his design spread 
by word of mouth, and Ruby 
became the darling of a small 
group of dedicated evange- 
lists. The language, however, 
did not gain serious recognition until 
The Pragmatic Programmers (Andy 
Hunt and Dave Thomas) became the 
K&R of Ruby. Their book, "Program- 
ming Ruby," brought the remarkable 
aspects of the language to light. 

Most impressive is the radical imple- 
mentation of object-oriented develop- 
ment and design. Everything in Ruby is 
an object. And I mean everything. 68 
might look like a mere number to you, 
but to Ruby enthusiasts, it's an object, 



Integration Watch 




and 68.abs is a call to 68's method for 
determining its absolute value. Like- 
wise, "mailbox" is a simple string; and 
"mailbox". length returns the number of 
characters in it, that is, seven. This sort 
of universal OO is enough to make even 
the most hidebound Smalltalk pedant 
squeal with delight. 

But for all its elegance, 
Ruby has lacked two things to 
really break out: tools and a 
killer app. Within the past 
year, both have arrived. The 
killer app is Ruby on Rails 
(RoR), which is an open- 
source framework (at www 
.rubyonrails.org) for develop- 
ing database-driven Web 
applications. Rather than 
being yet-another- Web- 
framework, RoR delivers what most 
developers really want in such frame- 
works: simplicity. In its basic form, RoR 
requires only a Web server, a database 
engine and a few lines of code. The 
innards require little code and not much 
configuration — meaning you can be 
done quickly. RoR has advanced fea- 
tures, such as support for AJAX, but it 
does not force you down labyrinthine 
corridors to make use of them. 

Due to this prototyping ease, RoR is 



quickly gaining adherents among consul- 
tants and Web site designers. Expect 
much greater adoption there. How well it 
can scale beyond RAD and small to 
medium-sized Web sites has yet to be 
seen. Moreover, whether it can stay pure 
and simple in enterprise settings is anoth- 
er open question. Only time will tell. 

The second problem Ruby faced was a 
lack of tools. One developer, whom I am 
paraphrasing, put it this way: "I code in 
Java and like it. I suspect C# is a some- 
what better language, but not a better 
platform. And I suspect that Ruby is a 
better language than both Java and C#. If 
only it had some tools, I'd give it a try." 

The solution has arrived in the form of 
ActiveState, the company that for years 
has provided terrific IDEs for dynamic 
languages such as Perl and Python. Ver- 
sion 3.5 of its Komodo IDE was just 
released with support for Ruby. This 
includes edit, debug and testing within 
the IDE of both Ruby and RoR code. 
Komodo runs on Windows, Linux, Mac 
and Solaris platforms, so now Ruby can be 
developed with ease everywhere. 

It takes time for a new language to 
gain acceptance, even critical mass. 
However, Ruby's elegance and its role in 
RoR give it more than a reasonable shot 
at becoming an established language, 
especially for true RAD development. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 
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Scripting and Java 



The "general wisdom" about scripting 
languages — that systems written in 
them go together much faster and are 
much more flexible than compiled lan- 
guages — is largely unsubstantiated con- 
jecture. I just don't believe that there's 
anything inherent in a scripting language 
that makes for faster development and 
greater flexibility I have noticed that 
garbage code written in PHP actually 
works a significant percentage of the 
time and that garbage code written in 
Java rarely works at all. 

When a Java system is well-written, 
it's quite flexible, and incremental 
changes of the sort championed by the 
scripting folks are easy to do. Moreover, 
not everything's easy in a script. Take 
your average PHP system, where the 
HTML is embedded right in the PHP 
code that's also implementing business 
logic. Simple look-and-feel changes, 
which would be trivial in a JSP-with-cus- 
tom-tags system, are painful at best. 

On the other hand, scripting lan- 
guages do have their uses. For example, 
if you're using AJAX heavily on a site that 
does little more than expose a database 
to the Web, then a scripting language is a 
perfectly good choice for supplying the 
glue that connects the AJAX control to 
the database. More complex sites 



require more complex structure, however. 

Put another way, scripting languages 
are great for some parts of a system but 
not others. Hybrid systems — part Java, 
part PHP, part Ruby or Python — are 
becoming commonplace for good reason. 
If done properly, a hybrid architecture 
can solve complex problems better than a 
system written entirely in any 
one language. This structure is 
really just the hoary notion of 
a small language. Use a lan- 
guage that's appropriate for the 
job at hand. 

On the building-hybrid-sys- 
tems front, JSR 223, Scripting 
for the Java Platform, is of par- 
ticular interest. This JSR is slat- 
ed for inclusion in the Mustang 
release and provides a means of 
interfacing Java programs to arbitrary 
scripting languages. A reference imple- 
mentation is available, along with the full 
specification, at jcp.org and connects Java 
to PHP, JavaScript and Groovy. 

The expert group has done an exem- 
plary job. Not only is the specification 
itself well-written, but what the spec does 
seems well-thought-out and honestly 
useful. Three scenarios are handled: 
calling into Java code from the scripting 
language, executing scripts from Java, 



and executing scripts from servlets. 

The spec can't really dictate how every 
scripting language should make Java calls, 
since every language has its own syntax, 
but it does make some suggestions. The 
basic idea is to use a wrapping strategy 
around objects that represent the Java 
equivalents. For example, a PHP program 
might do the following: 

$javadate = new Java 
("java.util.Date"); $date = 
$javadate->toString(); 

Note how the system takes 
care of type conversions for 
you. (I haven't shown the 
arguments in this example, 
but these will be converted 
/.TT/jjj properly.) A server-side script 
ffi ijif*-H could even do something 
IJ XJX J -J complicated like get the Java 
Thread object that's processing the 
request and putting it to sleep for a few 
seconds, or communicating over a socket 
opened by the Java side of the program. 

Moving in the other direction, the Java 
APIs center on the notion of a "scripting 
engine" that executes the script. You can 
instantiate engines for several languages 
simultaneously. The notions of name- 
spaces are supported, and you can inject 
Java variables into (and remove them 
from) the engine to make them available 




to the script, which could access them as 
global variables, for example. You pass a 
string containing a script to the engine 
for processing (or pass it a reader) and 
the engine executes the script. (You can, 
of course, use Runtime. exec() to execute 
a script in another process simply by run- 
ning the PHP interpreter, for example, 
but you've always been able to do that.) 
Perhaps more interestingly, you can pass 
a script into an Engine, then call individ- 
ual subroutines in the script and get back 
the return value. 

The Servlet APIs differ from the oth- 
er Java-side APIs in that they give the 
script access to the session, request and 
response objects. That is, you can do 
part of your processing in a servlet or in 
JSP, and you can delegate other process- 
ing to a PHP or Ruby script. All three 
systems will be reading from the same 
request and writing to the same 
response, and they can all share infor- 
mation in the session. 

To my mind, the sort of interlanguage 
interoperability that's possible with JSR 
223 is wonderful. Java is a great lan- 
guage, but there's no single language 
that's best at everything. This project 
gives us the ability to write programs 
that let us use the most appropriate tool 
for the task at hand. I 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holuh.com. 
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Making Web Services Work 



Industry Watch 



The promise of Web services is to be 
able to exchange data between 
external systems — from a company to a 
supplier, for example, or from an invest- 
ment bank back-end system to its local 
offices. This promise continues to grow, 
with business rules, process models and 
other higher-level services being thrown 
into the mix. 

Despite the universal 
acceptance of SOAP, WSDL 
and the other basic speci- 
fications, though, Web ser- 
vices interoperability remains 
extremely difficult to pull off, 
according to Anne Thomas 
Manes, research director with 
the Burton Group. 

"If you're doing simple 
stuff, [Web services] works," 
she said. "But if you try to do 
more complex stuff, you can run into 
trouble." 

Part of the interoperability problem 
can be traced to politics — vendors fight- 
ing over the specifications that define 
Web services. "You can never achieve 
interoperability if you can't agree on 
specs," Manes said, mentioning as an 
example the split between the WS -Reli- 
ability camp and the WS-Reliable Mes- 
saging faction. 

Interestingly, Manes praised the 
efforts of companies such as BE A, IBM 
and Microsoft, which develop specifica- 
tions privately or through bilateral 
agreement, and only after they're fin- 
ished offer them up to standards bodies 
or industry consortia. While many in the 
industry, including this newspaper, often 
say this is not the way to create a stan- 
dard, Manes believes that without these 
companies driving specifications, noth- 
ing would get accomplished. 




"When you get less than five compa- 
nies involved, you can get something 
done," she said. "That process works. 
Look at WS-Security. There were 50 or 
60 companies working on it. It was sub- 
mitted in August of 2002 and wasn't 
published until April of 2004. They did 
a lot of good things to the spec, but they 
only made six normative changes in 18 
months. People were fight- 
ing over every dotted I and 
crossed T" 

But running even deeper 
than the political mach- 
inations over defining these 
Web services protocols are 
the technological problems 
that must be overcome 
to achieve interoperability. 
Manes said one of the biggest 
challenges is in binding a pro- 
gramming language to XML, which is 
why consuming in Java a Web service 
created in a .NET language is sometimes 
difficult. "Type mapping creates a prob- 
lem," she said. "There are inconsisten- 
cies in mapping types to XML and back. 
What if you want to send a null value. Is 
it a null element, or nil=true? Products 
handle nulls very differently." 

Manes went on to say that the Web 
Services Interoperability Organization 
passed on tackling the problem, assert- 
ing that subsetting the XML schema 
specification was moving into dangerous 
territory, where some structures would 
be allowed and others wouldn't. Sud- 
denly, developers who thought their 
work adhered to a specification could 
find that the work no longer supported 
that spec because of a structure the 
developer chose in creating a Web ser- 
vice. Manes noted that the World Wide 
Web Consortium has created data bind- 



ing working groups — "not only for Web 
services," she said — but cautioned that 
the W3C "is not the most quick organi- 
zation. They've been working on WSDL 
since 2001, and it's still not done." 

The best advice she can give to peo- 
ple trying to create interoperable Web 
services is "don't use language-specific 
types." DataSet is a native type associat- 
ed with Microsoft's ADO. "In a pure 
Microsoft environment, it's wonderful," 
she said. "But to try to expose that data 
type, it renders into a complex structure 
that only ADO understands." DataSet, 
or Java HashMap, must first be convert- 
ed into arrays. And while this isn't "so 
awful," Manes said, it's a challenge. 

In the Java world, that challenge is 
magnified by the fact that people have 
a background in object-oriented pro- 
gramming, and Web services are decid- 
edly not object-oriented, she said. 
"People want to treat it as an object-ori- 
ented system, but it's not designed to 
do that. You're not transferring objects, 
only data." 

And what of the new service-oriented 
architectures? "It's a design approach," 
Manes stated flatly. There's nothing that 
gets close to addressing interoperability. 
It's not technology." 

If software companies selling SOA 
tools truly want to be successful, their 
executives will tone down the hyper- 
bole about the wonders of a service 
architecture and let the engineers 
resolve the real technical issues. 
Because right now, adding semantics 
and other definitions to Web services 
will only exacerbate the thorny prob- 
lems Manes describes. That, of course, 
will lead to other approaches, frag- 
menting things even more and moving 
the industry further from the stated 
goal of interoperability. I 
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MICROSOFT POSTS RECORD REVENUES 

Citing big gains from the launches of Xbox 360 and SQL Server 2005, Microsoft 
reported the highest quarterly revenue in company history, posting US$11.84 bil- 
lion for the period ended Dec. 31, 2005. Net income for the quarter was $3.65 bil- 
lion, or 34 cents per share. "The growth in our core business was healthy during 
the quarter driven by strength in Server and Tools and the success of our Win- 
dows Client products in a robust PC market," Chris Liddell, Microsoft CFO, said in 
a statement. "The quarter also marked the beginning of an important product 
cycle for Microsoft with the launches of Xbox 360, SQL Server 2005, Visual Stu- 
dio 2005 and Microsoft Dynamics CRM 3.0, all of which were extremely success- 
ful and well received by our customers." 

Despite healthy earnings, Compuware has made some high-level organizational 
changes to "improve the consistency of our sales execution," according to chair- 
man and CEO Peter Karmanos Jr. For the third quarter ended Dec. 31, the company 
reported revenues of US$305.9 million, with net income of $37.7 million. Earnings 
per share were 10 cents. Hank Jallos has been named president and COO for Com- 
puware products, and Tommi White becomes president and COO for Compuware ser- 
vices. Bob Paul retains his position overseeing Covisint operations . . . SOA Soft- 
ware, a provider of comprehensive SOA and Web services, announced its financial 
results for fiscal year 2005. The company delivered revenues of US$29.9 million and 



reported growth of more than 450 percent from fiscal 2004 ... Sun Microsytems 
reported results for its fiscal second quarter of 2006. Revenues were US$3,337 bil- 
lion, an increase of 17 percent, compared with $2,841 billion for the second quarter 
of fiscal 2005. Net loss for the quarter on a GAAP basis was $223 million, or 7 cents 
per share, compared with a net income of $4 million, for the second quarter of fis- 
cal year 2004 . . . Pervasive Software posted second quarter 2006 revenue of 
US$11.3 million, compared with $11.6 million for the second quarter of fiscal 2005. 
Net income was $500,000, or 2 cents per share— the same as the year-ago quar- 
ter .. . CA, formerly known as Computer Associates, reported third quarter fiscal 
2006 revenue of US$967 million, an increase of 5 percent over the prior year. 
Income from continuing operations was $56 million, an 81 percent increase from the 
third quarter a year earlier. GAAP earnings per share from continuing operations 
were 9 cents per share. CA spent $107 million in the quarter buying back almost 4 
million shares of stock . . . ILOG saw a dip in revenue for the second quarter of fis- 
cal 2006 when compared with the same quarter a year earlier. Revenue for Q2 
2006 was US$31 million; in the same period last year, revenue was $32.2 million. 
GAAP loss per share was 1 cent, compared with earnings of 12 cents per share last 
year . . . Informatica posted revenues of US$79.8 million for the fourth quarter of 
fiscal 2005, up 33 percent from the $60 million reported for the same period last 
year. Net income was $13.6 million, or 14 cents per diluted share, compared with a 
net loss of $98.7 million, or $1.14 per share, in the fourth quarter of 2004. 1 



CALENDAR OF EVENTS 



Web Services/SOA Feb. 27 

On Wall Street 

New York 

LIGHTHOUSE PARTNERS & FLAGG MANAGEMENT 

www.webservicesonwallstreet.com 



SHARE 

Seattle 
SHARE 

www.share.org 



March 5-10 



Business March 6-8 

Intelligence Summit 

Chicago 
GARTNER 

www.gartner.com/2_events/conferences/bi4.jsp 



Emerging Technology 
Conference 

San Diego 
O'REILLY MEDIA 

conferences.oreillynet.com 



March 6-9 



Intel Developer 
Forum Spring 

San Francisco 
INTEL 

www.intel.com/idf/us/spring2006 



March 7-9 



SD West 2006 


March 13-17 


Santa Clara 




CMP MEDIA 




www.sdexpo.com 




BrainShare 2006 


March 19-24 


Salt Lake City 




NOVELL 




www.novell.com/brainshare 




EclipseCon 


March 20-23 


Santa Clara 




ECLIPSE FOUNDATION 




www.eclipsecon.org/2006/Home.do 





Game Developers 
Conference 

San Jose 
CMP MEDIA 

www.gdconf.com 



March 20-24 



LinuxWorld 
Conference & Expo 

Boston 

IDG WORLD EXPO 

www.linuxworldexpo.com/live/12 



April 3-6 



Embedded Systems April 3-7 

Conference Silicon Valley 

San Jose 
CMP MEDIA 

www.esconline.com/sv 

International Conference April 3-7 
On Software Process Improvement 

Orlando, Fla. 

INTERNATIONAL INSTITUTE FOR SOFTWARE 

PROCESS 

www.icspi.com 

Linux on Wall Street April 24 

New York City 

LIGHTHOUSE PARTNERS & FLAGG MANAGEMENT 

www.linuxonwallstreet.com 



LinuxWorld & 
NetworkWorld Canada 

Toronto 

PLUM COMMUNICATIONS 

www.lwnwexpo.plumcom.ca 



April 24-26 



MySQL Users Conference April 24-27 

Santa Clara 
O'REILLY MEDIA 

www.mysgluc.com 

For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Altovtf* MapFtm#*2QQ§ - The premier data integration and Web services implementation tool. 



ALTOVA* 

mapfoi 

2006 



Streamline 

Web services 



Hook up with Map Force* 2006, and build 
Web services without writing any code. 

Mew In MapFbrce ZOOS: 

• Drag-and-drop Web services implementation 

•Advanced fiat file parsing and integration 

• Project-wide code generation 

1 Embedding in your applications 
vie OLE / ActiveX 
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EDI 
XML 
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AJtova^MapFoirce., the tool awarded tor easy 
Integration of XML, database, text, and EDI 
file form ats, now atso lets you implement 
Wteb services in a visual way. Simply drag 
connecting lines from information sources 1o 
'argets and drop in data processing functions. 
MapForoe converts data on-ths-fly and auto- 
erates data mapping code In X3LT 1.0/2.0, V 
Java, C++, or C# for use in your data Integra 
**/eb services applications. Give your data direction* 
Download MapFonce^ 2006 today: www,a ltova.com 



Also available in the Mova XML Suite. 
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Ship Software OnTime" 
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ONTIME2Q06 

The Fast & Scaleable Team Solution for... 

Defect & Issue Tracking • Feature & Change Tracking • Task a To-do List Tracking • Helpdesk Ticket Tracking 

OnTime is the market-leading project, defect and feature management tool for agile software development and test teams. 
OnTime facilitates tracking, analyzing and trending team- based software development efforts in an intuitive and powerful user 
interface. A fully customizable Ul, powerful workflow, process enforcements, two-way email communications and custom reports 
combine to help software development teams ship software on-time I 

Available for Windows, Web & VS.NET 2003/2005 



OnTime 2006 Professional Edition 



OnTime 2006 Small Team Edition 
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* For Teams of 1 to 1 ,000 Members 

• From $149 Per Jser 
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For Teams up to 10 Members 
Free Single-User Installations 
S495 for5-Team Members 
S995 for 1 o-Team Members 



800-6530024 




software far software development' 

www.axosoft.com 



Only $495 for up to 5 Users • Only $995 for up to 10 Users 

Free Single-User Installations 



